> On 12.07.2016, at 13:26, Franco Fichtner <fra...@lastsummer.de> wrote:
>> On 12 Jul 2016, at 11:59 AM, Daniel Kalchev <dan...@digsys.bg> wrote:
>> It is trivial to play MITM with this protocol and in fact, there are
>> commercially available “solutions” for “securing one’s corporate network”
>> that do exactly that. Some believe this is with the knowledge and approval
>> of the corporation, but who is to say what the black box actually does and
>> whose interests it serves?
> It's also trivial to ignore that pinning certificates and using client
> certificates can actually help a great deal to prevent all of what you
> just said. ;)
I don’t know many users who even know that they can do this — much less
actually use it. Pinning the browser vendor’s certificates does not protect
you from being spied on while visiting someone else’s site. This is also
non-trivial to support.
In the early days of DANE, Google even had a version of Chrome that supported
DANE, just to kill it a bit later:
> The bottom line is not having GOST support readily available could alienate
> a whole lot of businesses. Not wanting those downstream use cases will make
> those shift elsewhere and the decision will be seen as an overly political
> move that in no possible way reflects the motivation of community growth.
Exactly — especially as long as there is no demonstrable proof that GOST is