oss-sec mailing list archives

Re: On sanctioned MITMs


From: mancha <mancha1 () zoho com>
Date: Fri, 1 May 2015 23:41:22 +0000

On Sat, May 02, 2015 at 01:58:15AM +0300, Solar Designer wrote:
> Hi,
>
> I feel that this is borderline off-topic for oss-security because of
> no specific relevance to Open Source, unless the discussion is somehow
> refocused on aspects that are directly Open Source relevant - e.g.,
> "should we block these CDNs (and how) in Open Source software's
> SSL/TLS certificate validity checks because of those specific risks" -
> that's just an example of what would bring the discussion on-topic for
> this list, not an actual suggestion (I think such blocking would be
> bad).

Hi.

Yes, that might not have been clear because I didn't say so explicitly.
But, implicit in my post was a question of how infosec and its
intersection with OSS (i.e. security policies in FF/Chromium/etc.)
should consider this situation and its implications.

--mancha
