Gmail and SSL

Valdis.Kletnieks at Valdis.Kletnieks at
Thu Jan 3 03:31:34 UTC 2013

On Wed, 02 Jan 2013 12:10:55 -0800, George Herbert said:

> Google is setting a higher bar here, which may be sufficient to deter
> a lot of bots and script kiddies for the next few years, but it's not
> enough against nation-state or serious professional level attacks.

To be fair though - if I was sitting on information of sufficient value that I
was a legitimate target for nation-state TLAs and similarly well funded
criminal organizations, I'd have to think long and hard whether I wanted to
vector my e-mails through Google. It isn't even the certificate management
issue - it's because if I was in fact the target of such attention, my threat
model had better well include "adversary attempts to use legal and extralegal
means to get at my data from within Google's infrastructure".

"Operation Aurora".
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 865 bytes
Desc: not available
URL: <>

More information about the NANOG mailing list