Re: Gmail and SSL

[William Herrin <bill () herrin us>]

On Wed, Jan 2, 2013 at 5:43 PM, George Herbert <george.herbert () gmail com> wrote:
> If push came to shove and minor legalities were not restraining me, I
> recall (without checking) your domain's emails come to your home, and
> your DSL or cable line is sniffable, so any of the CA who email URL
> validators out could be trivially temporarily spoofed (until you read
> your email and responded) by tapping your data lines.  BGP games to
> snarf your traffic are another venue, possibly not yet even covered by
> wiretap laws that I know of, though I'm not currently an ISP in a
> position to personally do that to you.

And none of this describes an extraordinary effort? The quote you're
trying to refute was, "suffer such attacks only with extraordinary
difficulty on the part of the attacker."


> If you're going to argue that that's cheating, that IS the threat envelope...

You're quite right about the scope of the threat envelope. And it's
one to two orders of magnitude more difficult to penetrate than
man-in-the-middle with an unverified key.

Regards,
Bill Herrin


-- 
William D. Herrin ................ herrin () dirtside com  bill () herrin us
3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
Falls Church, VA 22042-3004