Gmail and SSL

George Herbert george.herbert at
Thu Jan 3 03:38:21 UTC 2013

On Wed, Jan 2, 2013 at 7:31 PM,  <Valdis.Kletnieks at> wrote:
> On Wed, 02 Jan 2013 12:10:55 -0800, George Herbert said:
>> Google is setting a higher bar here, which may be sufficient to deter
>> a lot of bots and script kiddies for the next few years, but it's not
>> enough against nation-state or serious professional level attacks.
> To be fair though - if I was sitting on information of sufficient value that I
> was a legitimate target for nation-state TLAs and similarly well funded
> criminal organizations, I'd have to think long and hard whether I wanted to
> vector my e-mails through Google. It isn't even the certificate management
> issue - it's because if I was in fact the target of such attention, my threat
> model had better well include "adversary attempts to use legal and extralegal
> means to get at my data from within Google's infrastructure".
> "Operation Aurora".

I probably fit into that description; while I vector my personal email
through Google, the actual sensitive stuff does not touch any wired or
wireless network.  Because I know.

-george william herbert
george.herbert at

More information about the NANOG mailing list