oss-sec mailing list archives
Re: On sanctioned MITMs
From: mancha <mancha1 () zoho com>
Date: Fri, 1 May 2015 23:41:22 +0000
On Sat, May 02, 2015 at 01:58:15AM +0300, Solar Designer wrote:
Hi, I feel that this is borderline off-topic for oss-security because of no specific relevance to Open Source, unless the discussion is somehow refocused on aspects that are directly Open Source relevant - e.g., "should we block these CDNs (and how) in Open Source software's SSL/TLS certificate validity checks because of those specific risks" - that's just an example of what would bring the discussion on-topic for this list, not an actual suggestion (I think such blocking would be bad).
Hi. Yes, that might not have been clear because I didn't say so explicitly. But, implicit in my post was a question of how infosec and its intersection with OSS (i.e. security policies in FF/Chromium/etc.) should consider this situation and its implications. --mancha
Attachment:
_bin
Description:
Current thread:
- Re: On sanctioned MITMs, (continued)
- Re: On sanctioned MITMs Hanno Böck (May 01)
- Re: On sanctioned MITMs Kurt Seifried (May 01)
- Re: On sanctioned MITMs Dean Pierce (May 01)
- Re: On sanctioned MITMs mancha (May 01)
- Re: On sanctioned MITMs Lyndon Nerenberg (May 01)
- Re: On sanctioned MITMs mancha (May 02)
- Re: On sanctioned MITMs Lyndon Nerenberg (May 02)
- Re: On sanctioned MITMs Joe Malcolm (May 04)
- Re: On sanctioned MITMs Eddie Chapman (May 02)
- Re: On sanctioned MITMs mancha (May 01)