Gmail and SSL

George Herbert george.herbert at gmail.com
Wed Jan 2 20:10:55 UTC 2013


On Wed, Jan 2, 2013 at 11:36 AM, William Herrin <bill at herrin.us> wrote:
> Communications using a key signed by a trusted
> third party suffer such attacks only with extraordinary difficulty on
> the part of the attacker. It's purely a technical matter.

While I agree with your general characterization of MIIM, the
"extraordinary difficulty" here is not supported.

As has been demonstrated, the bar for getting certs from some trusted
CAs is in some cases low enough that it's not even difficult, much
less extraordinarily difficult.  Getting certs to a well known domain
may be somewhat harder, it might be useful to see how far someone got
trying to get a "mail.google.com" cert from all the commonly trusted
vendors without resorting to illegal penetrations or layer 8+ hacking
/ social engineering / threats / intimidation / politics, but even if
we exclude those threats the general envelope for not-well-known
domains seems risky.

Google is setting a higher bar here, which may be sufficient to deter
a lot of bots and script kiddies for the next few years, but it's not
enough against nation-state or serious professional level attacks.

The advantage for the deterrence it can give may well be worth it
anyways, for the near future.  Every measure in security that does not
involve the off switch is a half-measure, at least in the long term,
even very large key crypto, but enough incremental steps form a useful
cushion.


-- 
-george william herbert
george.herbert at gmail.com



More information about the NANOG mailing list