nanog mailing list archives
Re: Gmail and SSL
From: Steven Bellovin <smb () cs columbia edu>
Date: Thu, 3 Jan 2013 16:25:45 -0500
On Jan 3, 2013, at 3:52 PM, Matthias Leisi <matthias () leisi net> wrote:
> On Thu, Jan 3, 2013 at 4:59 AM, Damian Menscher <damian () google com> wrote:
>> While I'm writing, I'll also point out that the Diginotar hack which came up in this discussion as an example of why CAs can't be trusted was discovered due to a feature of Google's Chrome browser when a cert was
>
> Similar to http://googleonlinesecurity.blogspot.ch/2013/01/enhancing-digital-certificate-security.html?
Thanks; I was just about to post that link to this thread.

Certificates don't spread virally, and random browsers don't go looking for whatever interesting certificates they find. They also don't like certs that say "*.google.com" when the user is trying to go somewhere else; that web site would be non-functional unless it was trying to impersonate a Google domain. Taken all together, this sounds to me like deliberate mischief by someone.

In fact, were it not for the facts that the blog post says that Google learned of this on December 24 and this thread started on December 14, I'd wonder if there was a connection -- was this the incident that made Google reassess its threat model?

Of course, this attack was carried out within the official PKI framework...

--Steve Bellovin, https://www.cs.columbia.edu/~smb