Re: Gmail and SSL

[Christopher Morrow <christopher.morrow () gmail com>]

On Wed, Jan 2, 2013 at 8:03 PM, Christopher Morrow
<christopher.morrow () gmail com> wrote:
> On Jan 2, 2013 7:36 PM, "William Herrin" <bill () herrin us> wrote:
> >
>
> > > Me, no, although I have read credible reports that otherwise reputable
> > > SSL
> > > signers have issued MITM certs to governments for their filtering
> > > firewalls.
>
> That's not the case join is referring to.
>
> > The governments in question are watching for exfiltration and they
>
> No, not really. Some are busy tracking "dissidents" among their populations.
>
> > largely use a less risky approach: they issue their own root key and,
> > in most cases, install it in the government employees' browser before
> > handing them the machine.
>
> Not just for employees.
>
> > A "reputable" SSL signer would have to get outed just once issuing a
> > government a resigning cert and they'd be kicked out of all the
> > browsers. They'd be awfully easy to catch.
>
> Oh! You mean like cyber trust and etilisat? Right... That's working just
> perfectly...

should have included this reference link:
<https://www.eff.org/deeplinks/2010/08/open-letter-verizon>