Gmail and SSL

Gary E. Miller gem at
Thu Jan 3 00:59:05 UTC 2013

Yo William!

On Wed, 2 Jan 2013 19:42:16 -0500
William Herrin <bill at> wrote:

> On Wed, Jan 2, 2013 at 5:43 PM, George Herbert
> <george.herbert at> wrote:
> > If push came to shove and minor legalities were not restraining me,
> > I recall (without checking) your domain's emails come to your home,
> > and your DSL or cable line is sniffable, so any of the CA who email
> > URL validators out could be trivially temporarily spoofed (until
> > you read your email and responded) by tapping your data lines.  BGP
> > games to snarf your traffic are another venue, possibly not yet
> > even covered by wiretap laws that I know of, though I'm not
> > currently an ISP in a position to personally do that to you.
> And none of this describes an extraordinary effort? The quote you're
> trying to refute was, "suffer such attacks only with extraordinary
> difficulty on the part of the attacker."

I would say it is pretty easy, and I have caught people doing it many
times.  All a hacker needs to do is get a sniffer near your email
traffic.  Then they can grab any challange emails sent to any of you
domain contacts.  Pretty trvial to do in a coffee shop environment.

Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97701
	gem at  Tel:+1(541)382-8588
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
URL: <>

More information about the NANOG mailing list