Gmail and SSL

• Previous message (by thread): Gmail and SSL
• Next message (by thread): Gmail and SSL
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 01/02/2013 09:14 PM, Damian Menscher wrote:
> Back on topic: encryption without knowing who you're talking to is worse
> than useless (hence no self-signed certs which provide a false sense of
> security),

In fact, it's very useful -- what do you think the initial diffie-hellman
exchanges are doing with pfs? Encryption without (strong) authentication
is still useful for dealing with passive listening. It's a shame, for example,
that wifi security doesn't encrypt everything on an open AP to require
attacks be active rather than passive. It's really easy to just scan the
airwaves, but I probably don't need to remind you of that.

Mike

• Previous message (by thread): Gmail and SSL
• Next message (by thread): Gmail and SSL
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]