Gmail and SSL

William Herrin bill at herrin.us
Thu Jan 3 00:42:16 UTC 2013


On Wed, Jan 2, 2013 at 5:43 PM, George Herbert <george.herbert at gmail.com> wrote:
> If push came to shove and minor legalities were not restraining me, I
> recall (without checking) your domain's emails come to your home, and
> your DSL or cable line is sniffable, so any of the CA who email URL
> validators out could be trivially temporarily spoofed (until you read
> your email and responded) by tapping your data lines.  BGP games to
> snarf your traffic are another venue, possibly not yet even covered by
> wiretap laws that I know of, though I'm not currently an ISP in a
> position to personally do that to you.

And none of this describes an extraordinary effort? The quote you're
trying to refute was, "suffer such attacks only with extraordinary
difficulty on the part of the attacker."


> If you're going to argue that that's cheating, that IS the threat envelope...

You're quite right about the scope of the threat envelope. And it's
one to two orders of magnitude more difficult to penetrate than
man-in-the-middle with an unverified key.

Regards,
Bill Herrin


-- 
William D. Herrin ................ herrin at dirtside.com  bill at herrin.us
3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
Falls Church, VA 22042-3004



More information about the NANOG mailing list