> On 12.07.2016 г., at 13:26, Franco Fichtner <fra...@lastsummer.de> wrote:
>> On 12 Jul 2016, at 11:59 AM, Daniel Kalchev <dan...@digsys.bg> wrote:
>> It is trivial to play MTIM with this protocol and in fact, there are 
>> commercially available “solutions” for “securing one’s corporate network” 
>> that doe exactly that. Some believe this is with the knowledge and approval 
>> of the corporation, but who is to say what the black box actually does and 
>> whose interests it serves?
> It's also trivial to ignore that pinning certificates and using client
> certificates can actually help a great deal to prevent all of what you
> just said.  ;)

I don’t know many users who even know that they can do this —  much less 
actually using it. Pinning the browser vendor’s certificates does not protect 
you from being spied while visiting someone else’s site. This is also 
non-trivial to support.
In the early days of DANE, Google even had a version of Chrome that supported 
DANE, just to kill it a bit later: 

> The bottom line is not having GOST support readily available could alienate
> a whole lot of businesses.  Not wanting those downstream use cases will make
> those shift elsewhere and the decision will be seen as an overly political
> move that in no possible way reflects the motivation of community growth.

Exactly — especially as long as there is no demonstrable proof that GOST is 
actually broken.

freebsd-current@freebsd.org mailing list
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"

Reply via email to