Gmail and SSL

William Herrin bill at
Thu Jan 3 01:51:51 UTC 2013

On Wed, Jan 2, 2013 at 8:39 PM, Christopher Morrow
<christopher.morrow at> wrote:
> On Wed, Jan 2, 2013 at 8:03 PM, Christopher Morrow
> <christopher.morrow at> wrote:
>> On Jan 2, 2013 7:36 PM, "William Herrin" <bill at> wrote:
>>> A "reputable" SSL signer would have to get outed just once issuing a
>>> government a resigning cert and they'd be kicked out of all the
>>> browsers. They'd be awfully easy to catch.
>> Oh! You mean like cyber trust and etilisat? Right... That's working just
>> perfectly...
> should have included this reference link:
> <>

Hi Christopher,

That was nearly 30 months ago. At the time there were no reports of
fake Etilisat certs, merely concern that the UAE's regulatory
environment was "institutionally hostile to the existence and use of
secure cryptosystems." Has the EFF's SSL Observatory project detected
even one case of a fake certificate under Etilisat's trust chain since

There's a reason Etilisat's cert is still valid and it isn't Honest Achmed's.

Bill Herrin

William D. Herrin ................ herrin at  bill at
3005 Crane Dr. ...................... Web: <>
Falls Church, VA 22042-3004

More information about the NANOG mailing list