[cryptography] Gmail and SSL

The Doctor drwho at virtadpt.net
Mon Dec 17 11:25:52 EST 2012


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 12/17/2012 11:18 AM, Andy Steingruebl wrote:

> Do you have proof of that or just speculation?

CAs have been compromised.  A few: Comodo.  Diginotar.  KPN.

If a lone attacker can crack a CA and cut arbitrary certs, a
state-sponsored actor could as well.

As for buying MITM certs for DLP:

https://netsecurityit.wordpress.com/tag/data-loss-prevention/

http://www.theregister.co.uk/2012/02/09/tustwave_disavows_mitm_digital_cert/

Can a CA that's done this in the past be trusted not to do it again in
the future?  I don't think so.  If one does it, that gives the idea to
others, and they might not get caught.  There is a lot of money that
could be made selling them as well as a market for them (the same
market for DLP hardware).  See also, Jeff Walton's post earlier to
this list.

- -- 
The Doctor [412/724/301/703] [ZS|Media]
Developer, Project Byzantium: http://project-byzantium.org/

PGP: 0x807B17C1 / 7960 1CDC 85C9 0B63 8D9F  DD89 3BD8 FF2B 807B 17C1
WWW: https://drwho.virtadpt.net/

FizerPharm: Trust.  Profit.  Deniability.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (GNU/Linux)
Comment: Using GnuPG with undefined - http://www.enigmail.net/

iEYEARECAAYFAlDPR5AACgkQO9j/K4B7F8Gr0QCgySnFFaFwKNhnC6zEdtQsAtgO
qtQAniR0Z9a/k5KJmUe0QoK3X2DUmP7I
=KJzz
-----END PGP SIGNATURE-----
