On Tue, Sep 10, 2013 at 6:06 PM, Ted Lemon <Ted.Lemon@xxxxxxxxxxx> wrote:
On Sep 10, 2013, at 5:47 PM, John R Levine <johnl@xxxxxxxxx> wrote:I don't know. What happens if they are served with an NSL?
> How likely is it that they would risk their reputation and hence their entire business by screwing around with free promo S/MIME certs?
Well I do not have access to the operational side of Comodo so I do not have direct knowledge. However I have no need of the money so if I had knowledge of an NSL that I found unconscionable then I would stop working for them.
I certainly don't think they'd *choose* to do anything like this, but what if it's that or jail? Remember, we know of at least one case of a business owner being threatened with jail because he closed his business rather than do precisely what we are discussing.
I don't think an NSL can require me to work for a company and since I am a foreign national I am not obliged to live in the country.
Low level government functionaries rarely attempt goon tactics on people who are relatives of cabinet ministers and have personal friends on both front benches in parliament.
Remember too that the NSL doesn't even have to be served to the CEO—it could as easily be served to a geek on staff. It's horrible to contemplate that such a thing might happen, but based on what we know at this point, it's not unreasonable to include this in our risk model. It is _definitely_ not in the tin foil hat zone anymore.
Could be but I have been working through what we know versus what would be required and I really can't see how a group of people who would let Snowden loose on their innermost secrets would be able to keep a conspiracy that required CAs or Gmail staff or the like to participate on the scale required.
All they would need to achieve the results as we know them from PRISM is the knowledge of where the fiber optic cables run and a large back hoe.
Website: http://hallambaker.com/