You are viewing a single comment's thread.

view the rest of the comments →

0
9

[–] 15104587? 0 points 9 points (+9|-0) ago  (edited ago)

Technically, the CA doesn't hold the keys, they only sign the certificate to attest authenticity. The private key is on the server that generated the key. What could happen though, is the CA could generate a false certificate that can be used in a man-in-the-middle attack.

Now, if the CA offers to generate the public/private key pair for the customer, it requires the CA to "forget" the private key, which is where some shenanigans could occur. It would still require the CA to mount a man-in-the-middle attack between the election polling endpoint and the receiving server in order to use the keys.

In that scenario, if you're talking about the local wifi in the polling location, someone would need to have a device planted in each polling location to use the Mana Toolkit. If you're talking about an election board's server transmitting results to the State's election board, they would need to hack into a device between the two servers. The "easiest" option I see would be planting a device at polling places in fraud-friendly counties.

0
6

[–] 15106134? 0 points 6 points (+6|-0) ago 

Anyone else realize that is Cloudflare's entire business model. The ARE the man in the middle.

0
5

[–] 15108739? 0 points 5 points (+5|-0) ago 

Didn't Q say look to California?

0
1

[–] 15113295? 0 points 1 point (+1|-0) ago 

Yes Q certainly did.

0
3

[–] 15104735? 0 points 3 points (+3|-0) ago  (edited ago)

So basically that means all voting records should be audited to find the difference between intercepted and original ones. The problem is the SSL system is designed on trust to highest authority-in this case the certificate issuing authority. This is by design and we understand why now .

0
1

[–] 15104850? 0 points 1 point (+1|-0) ago 

Right, but good luck obtaining the original voting records.

0
1

[–] 15106585? 0 points 1 point (+1|-0) ago 

But what hiding place is already installed in every voting location?

Um...the voting machines?

0
0

[–] 15107298? ago 

The video I saw showed a modem installed but no other device. There looked to be plenty of room in one, but it would be more stealthy to install a single device under a desk, in a closet, etc., near the wifi access point. Election observers typically inspect the equipment itself and do not search the area for rogue devices. Someone could even hide the device in a backpack and it would never be discovered.