Gmail and SSL
bill at herrin.us
Thu Jan 3 00:42:16 UTC 2013
On Wed, Jan 2, 2013 at 5:43 PM, George Herbert <george.herbert at gmail.com> wrote:
> If push came to shove and minor legalities were not restraining me, I
> recall (without checking) your domain's emails come to your home, and
> your DSL or cable line is sniffable, so any of the CA who email URL
> validators out could be trivially temporarily spoofed (until you read
> your email and responded) by tapping your data lines. BGP games to
> snarf your traffic are another venue, possibly not yet even covered by
> wiretap laws that I know of, though I'm not currently an ISP in a
> position to personally do that to you.
And none of this describes an extraordinary effort? The quote you're
trying to refute was, "suffer such attacks only with extraordinary
difficulty on the part of the attacker."
> If you're going to argue that that's cheating, that IS the threat envelope...
You're quite right about the scope of the threat envelope. And it's
one to two orders of magnitude more difficult to penetrate than
man-in-the-middle with an unverified key.
William D. Herrin ................ herrin at dirtside.com bill at herrin.us
3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
Falls Church, VA 22042-3004
More information about the NANOG