[cryptography] Gmail and SSL

Ben Laurie ben at links.org
Sat Dec 15 18:41:22 EST 2012


On Sat, Dec 15, 2012 at 10:01 PM, James A. Donald <jamesd at echeque.com> wrote:
> On 2012-12-16 6:23 AM, Andy Steingruebl wrote:
>>
>> given some of the more recent attacks against Google (and Facebook's)
>> customers they believe that active MiTM is actually a real threat, and would
>> rather not pretend to protect you from it when they aren't, by using a
>> self-signed certificate that they haven't verified in any way, even by you
>> presenting it.
>
>
> Recent MITM attacks have been by entities that are likely to be able to
> coerce a CA.

This is why you need Certificate Transparency.



More information about the cryptography mailing list