Full Disclosure mailing list archives

Re: Is This MITM Attack to Gmail's SSL ?


From: coderman <coderman () gmail com>
Date: Mon, 29 Aug 2011 16:35:31 -0700

On Mon, Aug 29, 2011 at 3:38 PM, Ferenc Kovacs <tyra3l () gmail com> wrote:
> http://www.google.co.uk/support/forum/p/gmail/thread?tid=2da6158b094b225a&hl=en
>
> any thoughts?

sure:
- PRUNE YOUR ROOTS
- public key pinning == useful [0]
- perspectives == useful [1]
- google's cert catalog == useful [2]
- ssl observatory == useful [3]
- combine multiple above for best positioning

tech details http://pastebin.com/ff7Yg663

0. http://www.imperialviolet.org/2011/05/04/pinning.html
1. http://perspectives-project.org/
2. http://googleonlinesecurity.blogspot.com/2011/04/improving-ssl-certificate-security.html
3. http://www.eff.org/observatory

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

