nanog mailing list archives
Re: Gmail and SSL
From: Michael Thomas <mike () mtcc com>
Date: Thu, 03 Jan 2013 05:36:48 -0800
On 01/02/2013 09:14 PM, Damian Menscher wrote:
Back on topic: encryption without knowing who you're talking to is worse than useless (hence no self-signed certs which provide a false sense of security),
In fact, it's very useful -- what do you think the initial diffie-hellman exchanges are doing with pfs? Encryption without (strong) authentication is still useful for dealing with passive listening. It's a shame, for example, that wifi security doesn't encrypt everything on an open AP to require attacks be active rather than passive. It's really easy to just scan the airwaves, but I probably don't need to remind you of that. Mike
Current thread:
- Re: Gmail and SSL, (continued)
- Re: Gmail and SSL George Herbert (Jan 02)
- Re: Gmail and SSL William Herrin (Jan 02)
- Re: Gmail and SSL Gary E. Miller (Jan 02)
- Re: Gmail and SSL Valdis . Kletnieks (Jan 02)
- Re: Gmail and SSL George Herbert (Jan 02)
- Re: Gmail and SSL Jeff Kell (Jan 02)
- Re: Gmail and SSL Damian Menscher (Jan 02)
- Re: Gmail and SSL Valdis . Kletnieks (Jan 02)
- Re: Gmail and SSL Damian Menscher (Jan 02)
- Re: Gmail and SSL Valdis . Kletnieks (Jan 02)
- Re: Gmail and SSL Michael Thomas (Jan 03)
- Re: Gmail and SSL Maxim Khitrov (Jan 03)
- Re: Gmail and SSL Jimmy Hess (Jan 03)
- Re: Gmail and SSL Peter Kristolaitis (Jan 03)
- Re: Gmail and SSL Jay Ashworth (Jan 04)
- Re: Gmail and SSL Matthias Leisi (Jan 03)
- Re: Gmail and SSL Steven Bellovin (Jan 03)
- Re: Gmail and SSL Kyle Creyts (Jan 03)
- Re: Gmail and SSL Christopher Morrow (Jan 02)
- Re: Gmail and SSL William Herrin (Jan 02)