Gmail and SSL
christopher.morrow at gmail.com
Thu Jan 3 01:39:52 UTC 2013
On Wed, Jan 2, 2013 at 8:03 PM, Christopher Morrow
<christopher.morrow at gmail.com> wrote:
> On Jan 2, 2013 7:36 PM, "William Herrin" <bill at herrin.us> wrote:
>> > Me, no, although I have read credible reports that otherwise reputable
>> > SSL
>> > signers have issued MITM certs to governments for their filtering
>> > firewalls.
> That's not the case join is referring to.
>> The governments in question are watching for exfiltration and they
> No, not really. Some are busy tracking "dissidents" among their populations.
>> largely use a less risky approach: they issue their own root key and,
>> in most cases, install it in the government employees' browser before
>> handing them the machine.
> Not just for employees.
>> A "reputable" SSL signer would have to get outed just once issuing a
>> government a resigning cert and they'd be kicked out of all the
>> browsers. They'd be awfully easy to catch.
> Oh! You mean like cyber trust and etilisat? Right... That's working just
should have included this reference link:
More information about the NANOG