Phillip Hallam-Baker wrote: > Not unless you compile your browser from source and verify the source each > time you compile. Wrong, because your compiler may also be compromised. http://en.wikipedia.org/wiki/Backdoor_%28computing%29 Thompson's paper describes a modified version of the Unix C compiler that would: Put an invisible backdoor in the Unix login command when it noticed that the login program was being compiled, and as a twist Also add this feature undetectably to future compiler versions upon their compilation as well. > They have demonstrated an ability to hide compromise > pretty well. See above. I know better than you how to hide it. Still, I can say open source helps a lot. >> It does not deny my point that PKI is no better than DH. > You are conflating the possibility of an attack with the certainty of an > attack succeeding. Assuming active MITM attacks both on ISP chains and CA chains, the attacks on PKI always suceed. > Subpoenaing the software providers and the CAs are two different issues. > Google could not credibly claim that its business would be destroyed if > PRISM was exposed but Are you saying that it's OK even though google's software business has damaged a lot? Note that google also has cloud provider business, which is also damaged a lot. > Symantec could and would make the claim that they > would lose a business unit they paid $1.2 billion for. Because PKI business is a fallacy, they really don't loss any real business. > Issuing a bogus certificate is a very visible event. Assuming active MITM attacks both on ISP chains and CA chains, the attacks are invisible. Masataka Ohta