[cryptography] Newbie Question

Sampo Syreeni decoy at iki.fi
Fri Dec 2 00:11:15 EST 2011

On 2011-12-01, Randall  Webmail wrote:

> I am an almost-complete greenie WRT crypto, which is why I'm here to 
> learn.
> What is the proper thing to do when one of those things pops up?   (It 
> is NOT a rare event).

They mostly mean you no harm. So just accept/except. But always bear in 
mind that it *could* be a man-in-the-middle attack. If they were out to 
get you, you know? They could be, without any reason at all, simply 
because they can and it's cheap. For further purposes some 20a down the 

Personally, my stuff is in the open. Even painfully so. I mostly play by 
Brin's open society rules. But most can't do that. So, be afraid, be 
very afraid.

> I use the "https everywhere" firefox extension on my OSX laptop. I do 
> not access my bank accounts on public WiFi, but I really don't have a 
> choice but to access webmail and gmail.  What should I do when I get 
> one of those cert warnings?

Did you ever divulge your name online? Your birthdate to a now-angry 
girlfriend, or perhaps facebook? Your social security number to an 
employer who might be willing to give it up for a price? Your PIN code 
to anybody at all who might change their opinion? Sure you weren't being 
wathced there?

Obviously if you didn't do any of that, it's just the first, most 
simplest thing you should have done unless you want yourself fully in 
the open. Personally, I don't mind much. But you might. ;)
Sampo Syreeni, aka decoy - decoy at iki.fi, http://decoy.iki.fi/front
+358-50-5756111, 025E D175 ABE5 027C 9494 EEB0 E090 8BA9 0509 85C2

More information about the cryptography mailing list