Gmail and SSL

Christopher Morrow christopher.morrow at
Thu Jan 3 01:03:32 UTC 2013

On Jan 2, 2013 7:36 PM, "William Herrin" <bill at> wrote:

> >
> > Me, no, although I have read credible reports that otherwise reputable
> > signers have issued MITM certs to governments for their filtering

That's not the case join is referring to.

> The governments in question are watching for exfiltration and they

No, not really. Some are busy tracking "dissidents" among their populations.

> largely use a less risky approach: they issue their own root key and,
> in most cases, install it in the government employees' browser before
> handing them the machine.

Not just for employees.

> A "reputable" SSL signer would have to get outed just once issuing a
> government a resigning cert and they'd be kicked out of all the
> browsers. They'd be awfully easy to catch.

Oh! You mean like cyber trust and etilisat? Right... That's working just

> Regards,
> Bill Herrin
> --
> William D. Herrin ................ herrin at  bill at
> 3005 Crane Dr. ...................... Web: <>
> Falls Church, VA 22042-3004

More information about the NANOG mailing list