Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

It does matter and the article has reasoning about why it does. "The NSA could get the DuckDuckGo master cert in one of three ways:

1. Be given the cert

2. Physical access to servers or load-balancers

3. Remote access to servers or load-balancers"



If they can get direct access to the DDG servers, then it doesn't matter if they can siphon off traffic at the ISP level. They can just access the data.


But wouldn't that require constant access to the server, whereas the key they could steal once with short access to server and use until it expires without the victim noticing?




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: