Quote:

Originally Posted by rowan There's no way (as far as we know) that SSL can be broken, but that doesn't stop the NSA being able to intercept and store encrypted data for a future date when it CAN be read (either through some magical new method of codebreaking, or something less fancy like acquiring the SSL certificate for that host...)

Ever install a SSL Key? If you bought your SSL certificate from Verisign, Thawt, Komodo, or other public vendors there is a record of your encrypt/decrypt key on file. All they need is a subpoena -- if the SSL Cert issuer is in the US the "governmental agency" can get that key -- YOUR ENCRYPTION IS TRASHED.

Use your own email servers and use private keys -- there is no central depository of the key but this is difficult for the consumer web. However, for your own internal company apps you can use private keys that you just generate on your servers and store them in your browser. THis is referred to by browsers as an untrusted key (LOL not NSA Approved and Trappable).

I can't imagine terrorists or dangerous criminals using plain text or public keys that are decryptable but then most are not rocket scientists and their independent cells are probably mainly knuckle-draggers. Boston Marathon Bombers with Twitter pages? Possible but sort of lame ....