nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Gmail and SSL

From: William Herrin <bill () herrin us>
Date: Wed, 2 Jan 2013 20:51:51 -0500
On Wed, Jan 2, 2013 at 8:39 PM, Christopher Morrow
<christopher.morrow () gmail com> wrote:

On Wed, Jan 2, 2013 at 8:03 PM, Christopher Morrow
<christopher.morrow () gmail com> wrote:

On Jan 2, 2013 7:36 PM, "William Herrin" <bill () herrin us> wrote:

A "reputable" SSL signer would have to get outed just once issuing a
government a resigning cert and they'd be kicked out of all the
browsers. They'd be awfully easy to catch.


Oh! You mean like cyber trust and etilisat? Right... That's working just
perfectly...


should have included this reference link:
<https://www.eff.org/deeplinks/2010/08/open-letter-verizon>


Hi Christopher,

That was nearly 30 months ago. At the time there were no reports of
fake Etilisat certs, merely concern that the UAE's regulatory
environment was "institutionally hostile to the existence and use of
secure cryptosystems." Has the EFF's SSL Observatory project detected
even one case of a fake certificate under Etilisat's trust chain since
then?

There's a reason Etilisat's cert is still valid and it isn't Honest Achmed's.

https://bugzilla.mozilla.org/show_bug.cgi?id=647959


Regards,
Bill Herrin

-- 
William D. Herrin ................ herrin () dirtside com  bill () herrin us
3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
Falls Church, VA 22042-3004
Previous By Date Next
Previous By Thread Next

Current thread: