nanog mailing list archives
Re: Gmail and SSL
From: Valdis.Kletnieks () vt edu
Date: Wed, 02 Jan 2013 22:31:34 -0500
On Wed, 02 Jan 2013 12:10:55 -0800, George Herbert said:
Google is setting a higher bar here, which may be sufficient to deter a lot of bots and script kiddies for the next few years, but it's not enough against nation-state or serious professional level attacks.
To be fair though - if I was sitting on information of sufficient value that I was a legitimate target for nation-state TLAs and similarly well funded criminal organizations, I'd have to think long and hard whether I wanted to vector my e-mails through Google. It isn't even the certificate management issue - it's because if I was in fact the target of such attention, my threat model had better well include "adversary attempts to use legal and extralegal means to get at my data from within Google's infrastructure". "Operation Aurora".
Attachment:
_bin
Description:
Current thread:
- Re: Gmail and SSL, (continued)
- Re: Gmail and SSL William Herrin (Jan 02)
- Re: Gmail and SSL Christopher Morrow (Jan 02)
- Re: Gmail and SSL Christopher Morrow (Jan 02)
- Re: Gmail and SSL William Herrin (Jan 02)
- Re: Gmail and SSL Christopher Morrow (Jan 02)
- Re: Gmail and SSL Matthew Palmer (Jan 02)
- Re: Gmail and SSL Masataka Ohta (Jan 02)
- Re: Gmail and SSL George Herbert (Jan 02)
- Re: Gmail and SSL William Herrin (Jan 02)
- Re: Gmail and SSL Gary E. Miller (Jan 02)
- Re: Gmail and SSL Valdis . Kletnieks (Jan 02)
- Re: Gmail and SSL George Herbert (Jan 02)
- Re: Gmail and SSL Jeff Kell (Jan 02)
- Re: Gmail and SSL Damian Menscher (Jan 02)
- Re: Gmail and SSL Valdis . Kletnieks (Jan 02)
- Re: Gmail and SSL Damian Menscher (Jan 02)
- Re: Gmail and SSL Valdis . Kletnieks (Jan 02)
- Re: Gmail and SSL Michael Thomas (Jan 03)
- Re: Gmail and SSL Maxim Khitrov (Jan 03)
- Re: Gmail and SSL Jimmy Hess (Jan 03)
- Re: Gmail and SSL Peter Kristolaitis (Jan 03)