nanog mailing list archives
Re: Gmail and SSL
From: Christopher Morrow <christopher.morrow () gmail com>
Date: Wed, 2 Jan 2013 22:04:26 -0500
On Wed, Jan 2, 2013 at 8:51 PM, William Herrin <bill () herrin us> wrote:
secure cryptosystems." Has the EFF's SSL Observatory project detected even one case of a fake certificate under Etilisat's trust chain since then?
it's possible that the observatory won't see these in the wild, if the observatory is on the wrong side of the connection. According to the code EFF uses: <https://git.eff.org/?p=observatory.git;a=blob;f=README;h=235117a992ff83b7c04c66ba928bc1907cf76944;hb=HEAD> it looks like they simply portscanned 0/0 for tcp/443 listeners, then grabbed certs from the respondents. In the cases we're talking about in this thread EFF's observatory may never be in the middle of the conversation. In the cases of Etisalat (or one use they may have) the scanners may not be behind etisalat's piece of gear which uses the CA cert in question. "not observed in the wild" isn't really a good judge for this particular problem I think :( As to why the Etisalat cert isn't yet removed, I wouldn't know... it seems a bit fishy though. -chris
Current thread:
- Re: Gmail and SSL, (continued)
- Re: Gmail and SSL William Herrin (Jan 02)
- Re: Gmail and SSL Christopher Morrow (Jan 02)
- Re: Gmail and SSL William Herrin (Jan 02)
- Re: Gmail and SSL George Herbert (Jan 02)
- Re: Gmail and SSL William Herrin (Jan 02)
- Re: Gmail and SSL John R. Levine (Jan 02)
- Re: Gmail and SSL William Herrin (Jan 02)
- Re: Gmail and SSL Christopher Morrow (Jan 02)
- Re: Gmail and SSL Christopher Morrow (Jan 02)
- Re: Gmail and SSL William Herrin (Jan 02)
- Re: Gmail and SSL Christopher Morrow (Jan 02)
- Re: Gmail and SSL Christopher Morrow (Jan 02)
- Re: Gmail and SSL William Herrin (Jan 02)
- Re: Gmail and SSL Matthew Palmer (Jan 02)
- Re: Gmail and SSL Masataka Ohta (Jan 02)
- Re: Gmail and SSL George Herbert (Jan 02)
- Re: Gmail and SSL William Herrin (Jan 02)
- Re: Gmail and SSL Gary E. Miller (Jan 02)
- Re: Gmail and SSL Valdis . Kletnieks (Jan 02)
- Re: Gmail and SSL George Herbert (Jan 02)
- Re: Gmail and SSL Jeff Kell (Jan 02)
- Re: Gmail and SSL Damian Menscher (Jan 02)
- Re: Gmail and SSL Valdis . Kletnieks (Jan 02)