On 2012-12-16 6:23 AM, Andy Steingruebl wrote:
given some of the more recent attacks against Google (and Facebook's) customers they believe that active MiTM is actually a real threat, and would rather not pretend to protect you from it when they aren't, by using a self-signed certificate that they haven't verified in any way, even by you presenting it.
Recent MITM attacks have been by entities that are likely to be able to coerce a CA.
_______________________________________________ cryptography mailing list [email protected] http://lists.randombit.net/mailman/listinfo/cryptography
