[cryptography] Gmail and SSL

James A. Donald jamesd at echeque.com
Sat Dec 15 17:01:59 EST 2012

On 2012-12-16 6:23 AM, Andy Steingruebl wrote:
> given some of the more recent attacks against Google (and Facebook's) 
> customers they believe that active MiTM is actually a real threat, and 
> would rather not pretend to protect you from it when they aren't, by 
> using a self-signed certificate that they haven't verified in any way, 
> even by you presenting it.

Recent MITM attacks have been by entities that are likely to be able to 
coerce a CA.

More information about the cryptography mailing list