[guardian-dev] Lavabit Legal Documents
William Gray
wgray at zetetic.net
Fri Oct 4 15:43:27 EDT 2013
IIRC, the reported compromises of SSL have to do with brute-forcing 1024
bit keys, as well as MITM attacks, hijacking certificates, and stealing
private keys. Perhaps in this case the key was a strong one? Stealing a
private key to build a legal case could possibly get said case thrown out
of court (or the evidence/discovery in question), so it's entirely possible
they already had it and the data they wanted from the NSA but need to
produce the evidence to the court in a way that's more legally justifiable,
with a court order. This would fit the pattern reported of other law
enforcement agencies (DEA) and prosecutors being instructed to do the same
with NSA data.
On Fri, Oct 4, 2013 at 2:18 PM, Aaron Lux <a at aaronlux.com> wrote:
> The complete document set regarding Lavabit is available at the link
> below:
>
> http://s3.documentcloud.org/documents/801182/redacted-pleadings-exhibits-1-23.txt
>
> These documents show Lavabit generated and kept the private key which is
> important. Obviously Lavabit ran their own server. These documents do not
> specify if Lavabit used a password on the private ssl key.
>
> One of the GoDaddy SSLv1 Certificates is still available at
> https://lavabit.com.
>
> If SSL is compromised then why did FBI spend all these resources and time
> to get the self-generated private key from someone who operates their own
> servers?
>
> +a
>
> _______________________________________________
> Guardian-dev mailing list
>
> Post: Guardian-dev at lists.mayfirst.org
> List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev
>
> To Unsubscribe
> Send email to: Guardian-dev-unsubscribe at lists.mayfirst.org
> Or visit:
> https://lists.mayfirst.org/mailman/options/guardian-dev/wgray%40zetetic.net
>
> You are subscribed as: wgray at zetetic.net
>
>
--
Team Zetetic
http://zetetic.net
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mayfirst.org/pipermail/guardian-dev/attachments/20131004/1f921974/attachment.html>
More information about the Guardian-dev
mailing list