Re: Gmail and SSL

[George Herbert <george.herbert () gmail com>]

On Wed, Jan 2, 2013 at 7:31 PM,  <Valdis.Kletnieks () vt edu> wrote:
> On Wed, 02 Jan 2013 12:10:55 -0800, George Herbert said:
>
> > Google is setting a higher bar here, which may be sufficient to deter
> > a lot of bots and script kiddies for the next few years, but it's not
> > enough against nation-state or serious professional level attacks.
>
> To be fair though - if I was sitting on information of sufficient value that I
> was a legitimate target for nation-state TLAs and similarly well funded
> criminal organizations, I'd have to think long and hard whether I wanted to
> vector my e-mails through Google. It isn't even the certificate management
> issue - it's because if I was in fact the target of such attention, my threat
> model had better well include "adversary attempts to use legal and extralegal
> means to get at my data from within Google's infrastructure".
>
> "Operation Aurora".

I probably fit into that description; while I vector my personal email
through Google, the actual sensitive stuff does not touch any wired or
wireless network.  Because I know.


-- 
-george william herbert
george.herbert () gmail com