nanog mailing list archives
Re: Gmail and SSL
From: Christopher Morrow <christopher.morrow () gmail com>
Date: Wed, 2 Jan 2013 20:39:52 -0500
On Wed, Jan 2, 2013 at 8:03 PM, Christopher Morrow <christopher.morrow () gmail com> wrote:
On Jan 2, 2013 7:36 PM, "William Herrin" <bill () herrin us> wrote:Me, no, although I have read credible reports that otherwise reputable SSL signers have issued MITM certs to governments for their filtering firewalls.That's not the case join is referring to.The governments in question are watching for exfiltration and theyNo, not really. Some are busy tracking "dissidents" among their populations.largely use a less risky approach: they issue their own root key and, in most cases, install it in the government employees' browser before handing them the machine.Not just for employees.A "reputable" SSL signer would have to get outed just once issuing a government a resigning cert and they'd be kicked out of all the browsers. They'd be awfully easy to catch.Oh! You mean like cyber trust and etilisat? Right... That's working just perfectly...
should have included this reference link: <https://www.eff.org/deeplinks/2010/08/open-letter-verizon>
Current thread:
- Re: Gmail and SSL, (continued)
- Re: Gmail and SSL Steven Bellovin (Jan 02)
- Re: Gmail and SSL Jimmy Hess (Jan 02)
- Re: Gmail and SSL William Herrin (Jan 02)
- Re: Gmail and SSL Christopher Morrow (Jan 02)
- Re: Gmail and SSL William Herrin (Jan 02)
- Re: Gmail and SSL George Herbert (Jan 02)
- Re: Gmail and SSL William Herrin (Jan 02)
- Re: Gmail and SSL John R. Levine (Jan 02)
- Re: Gmail and SSL William Herrin (Jan 02)
- Re: Gmail and SSL Christopher Morrow (Jan 02)
- Re: Gmail and SSL Christopher Morrow (Jan 02)
- Re: Gmail and SSL William Herrin (Jan 02)
- Re: Gmail and SSL Christopher Morrow (Jan 02)
- Re: Gmail and SSL Christopher Morrow (Jan 02)
- Re: Gmail and SSL Matthew Palmer (Jan 02)
- Re: Gmail and SSL Masataka Ohta (Jan 02)
- Re: Gmail and SSL George Herbert (Jan 02)
- Re: Gmail and SSL William Herrin (Jan 02)
- Re: Gmail and SSL Gary E. Miller (Jan 02)
- Re: Gmail and SSL Valdis . Kletnieks (Jan 02)
- Re: Gmail and SSL George Herbert (Jan 02)
- Re: Gmail and SSL Jeff Kell (Jan 02)