Gmail and SSL

Michael Thomas mike at mtcc.com
Thu Jan 3 13:36:48 UTC 2013


On 01/02/2013 09:14 PM, Damian Menscher wrote:
> Back on topic: encryption without knowing who you're talking to is worse
> than useless (hence no self-signed certs which provide a false sense of
> security),

In fact, it's very useful -- what do you think the initial diffie-hellman
exchanges are doing with pfs? Encryption without (strong) authentication
is still useful for dealing with passive listening. It's a shame, for example,
that wifi security doesn't encrypt everything on an open AP to require
attacks be active rather than passive. It's really easy to just scan the
airwaves, but I probably don't need to remind you of that.

Mike



More information about the NANOG mailing list