Did I just upload my private SSL keys to the NSA?

5 points

13 years ago

With the Lavabit SSL key seizure [1,2], the US Government and the US courts have shown that they'll take the private keys if they feel they need them.

Have e.g. AWS received similar orders for keys used with ELBs? Or anything on the EC2 VMs? Or CloudFlare?

When I upload my private key to these services, does it go straight to the NSA keystore? Or do they only seize certain keys? Or no keys at all and I can take off my tinfoil hat now? Can we know?

What happens when an NSA employee is disgruntled / makes a mistake / becomes a mole / whatever and leaks the entire keystore?

Did we all already know? Should I stop tinfoiling? Should we trust that they don't do this? Should I never have been such a lazy moron as to use any such services?

Sigh

For the record I believe the government should be able to do warrant-based eavesdropping etc of specific individuals - it's the dragnet aspect to this whole mess that just breaks my heart. So there's no need to put me on that list you got there Mr USG...

Sigh^2

[1]: https://news.ycombinator.com/item?id=6517553 [2]: http://www.newyorker.com/online/blogs/elements/2013/10/how-lavabit-edward-snowden-email-service-melted-down.html

1 comment