[–] [deleted] 0 points 40 points (+40|-0) ago  (edited ago)

[Deleted]

[–] 15104587? 0 points 9 points (+9|-0) ago  (edited ago)

Technically, the CA doesn't hold the keys, they only sign the certificate to attest authenticity. The private key is on the server that generated the key. What could happen though, is the CA could generate a false certificate that can be used in a man-in-the-middle attack.

Now, if the CA offers to generate the public/private key pair for the customer, it requires the CA to "forget" the private key, which is where some shenanigans could occur. It would still require the CA to mount a man-in-the-middle attack between the election polling endpoint and the receiving server in order to use the keys.

In that scenario, if you're talking about the local wifi in the polling location, someone would need to have a device planted in each polling location to use the Mana Toolkit. If you're talking about an election board's server transmitting results to the State's election board, they would need to hack into a device between the two servers. The "easiest" option I see would be planting a device at polling places in fraud-friendly counties.

[–] 15106134? 0 points 6 points (+6|-0) ago 

Anyone else realize that is Cloudflare's entire business model? They ARE the man in the middle.

[–] 15108739? 0 points 5 points (+5|-0) ago 

Didn't Q say look to California?

[–] 15104735? 0 points 3 points (+3|-0) ago  (edited ago)

So basically that means all voting records should be audited to find the difference between intercepted and original ones. The problem is the SSL system is designed on trust to the highest authority, in this case the certificate issuing authority. This is by design and we understand why now.

[–] 15106585? 0 points 1 point (+1|-0) ago 

But what hiding place is already installed in every voting location?

Um...the voting machines?

[–] 15104115? ago 

They need to use a VPN to secure the data from the CA.