On 2013-01-07 10:31 PM, Jeffrey Walton wrote:
In addition,
Mozilla does not make money from the CAs.
What is in it for Mozilla?
What was in it for Banking Committee Senators Jon Corzine, Chris Dodd,
and Kent Conrad, and Fannie Mae CEO Jim Johnson?
On 7/01/13 15:31 PM, Jeffrey Walton wrote:
On Mon, Jan 7, 2013 at 3:15 AM, ianG wrote:
...
Yeah. Little known fact is that Mozilla maintains confidential discussions
with the CAs. The "open group" is basically theater, it has been totally
owned by the CAs for many years. Mozilla routinely
On Mon, Jan 7, 2013 at 3:15 AM, ianG wrote:
>>
>> ...
>>
> Yeah. Little known fact is that Mozilla maintains confidential discussions
> with the CAs. The "open group" is basically theater, it has been totally
> owned by the CAs for many years. Mozilla routinely reports no meetings,
> minutes, p
On 7/01/13 14:15 PM, Jeffrey Walton wrote:
Hi Ian,
Off list.
I suspect not. No matter.
iang
___
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
Hi Ian,
Off list. I am so gad damn angry at myself for seeing this sooner. It
all makes sense now.
OT: Have you read http://www.amazon.com/dp/1420059815? Perhaps you
contributed or technical edited?
Thanks again for your insight.
Jeff
On Mon, Jan 7, 2013 at 3:15 AM, ianG wrote:
> On 7/01/13 0
On Mon, Jan 7, 2013 at 3:15 AM, ianG wrote:
> On 7/01/13 06:48 AM, Jeffrey Walton wrote:
>> On Sat, Jan 5, 2013 at 4:23 PM, Jeffrey Walton wrote:
>>> On Sat, Jan 5, 2013 at 3:59 PM, Ryan Hurst
>>> wrote:
>>>
> Yeah. Little known fact is that Mozilla maintains confidential discuss
On 7/01/13 06:48 AM, Jeffrey Walton wrote:
On Sat, Jan 5, 2013 at 4:23 PM, Jeffrey Walton wrote:
On Sat, Jan 5, 2013 at 3:59 PM, Ryan Hurst wrote:
In the future, we won't need their honesty. Or the 'honesty' they want
us to perceive.
Did anyone really think a CA would risk a mul
On Sat, Jan 5, 2013 at 4:23 PM, Jeffrey Walton wrote:
> On Sat, Jan 5, 2013 at 3:59 PM, Ryan Hurst wrote:
>>
> In the future, we won't need their honesty. Or the 'honesty' they want
> us to perceive.
>
>
>
> Did anyone really think a CA would risk a multimillion dollar business?
>
Did
On Fri, Jan 4, 2013 at 6:40 PM, wrote:
>
> you may have already seen this, but
>
> http://www.bbc.co.uk/news/technology-20908546
>
> Cyber thieves pose as Google+ social network
>
> ...
>
> The fake ID credentials have been traced back to Turkish security
> firm TurkTrust which mistakenly issued
Erwann,
The text in that FAQ refers to the administrator enabling HTTPS inspection, my
assumption is that for there to be FAQ references it is 'obvious' in the UI
that it can be enabled.
That said I don't disagree with most of what you said below.
Ryan Hurst
Sent from my phone, please forgiv
2013/1/5 Ryan Hurst
> I've been unable to find a screenshot but this FAQ does suggest that there
> is an explicit action required to enable HTTPS inspection:
> https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk65123
>
>
I don't see anythin
It's still not clear it was willful; for example maybe they were using an
enterprise CA to enable the MiTM for their machines / enterprise users who knew
the traffic was monitored and to fix some user reported problem they made a
configuration mistake.
After all in the end these are just Base64 bl
On Sat, Jan 5, 2013 at 3:59 PM, Ryan Hurst wrote:
> I've been unable to find a screenshot but this FAQ does suggest that there
> is an explicit action required to enable HTTPS inspection:
> https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk
I've been unable to find a screenshot but this FAQ does suggest that there is
an explicit action required to enable HTTPS inspection:
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk65123
As for what appropriate consequences are for Tur
On Sat, Jan 5, 2013 at 3:26 PM, Ryan Hurst wrote:
> Ian, I do agree with you that the dynamic configurations of the firewall is
> the most suspect part of the story.
>
> I'm inclined to give them the benefit of the doubt based on my experience
> managing some UI related efforts inside of Window
Ian, I do agree with you that the dynamic configurations of the firewall is
the most suspect part of the story.
I'm inclined to give them the benefit of the doubt based on my experience
managing some UI related efforts inside of Windows -- aka today modern software
makes an effort to intuit us
Just to top-post on that - I did read up on a lot more references [0],
and I see that the claim is that the CA concerned issued the
intermediates by mistake. They caught one of them later on and fixed
it. The second they did not catch.
The holder of the second intermediate then installed it
I have no more information than the rest of you but my read of what they
published is that this was not a 'legitimate MITM' case.
It sounds to me as if they are saying a customer installed a previously
purchased certificate on a firewall for a legitimate purpose -- possibly
administration or SS
Hi all,
On 5/01/13 15:55 PM, Ralph Holz wrote:
On 01/05/2013 12:29 PM, Ben Laurie wrote:
Unless all the people who saw it happened to be running Chrome, then
it seems quite likely it was used maliciously, surely?
The problem is that there are many values that both "legitimately" and
"malicio
On Sat, Jan 5, 2013 at 7:55 AM, Ralph Holz wrote:
> Hi,
>
> On 01/05/2013 12:29 PM, Ben Laurie wrote:
>> Unless all the people who saw it happened to be running Chrome, then
>> it seems quite likely it was used maliciously, surely?
>
> The problem is that there are many values that both "legitimat
Hi,
On 01/05/2013 12:29 PM, Ben Laurie wrote:
> Unless all the people who saw it happened to be running Chrome, then
> it seems quite likely it was used maliciously, surely?
The problem is that there are many values that both "legitimately" and
"maliciously" can take. Turktrust's argument seems t
On Sat, Jan 5, 2013 at 4:49 AM, Ryan Hurst wrote:
> FYI the article was changed post Dan's mail and no longer contains the
> unsubstantiated references to malicious use quoted in the below.
Unless all the people who saw it happened to be running Chrome, then
it seems quite likely it was used mal
FYI the article was changed post Dan's mail and no longer contains the
unsubstantiated references to malicious use quoted in the below.
Ryan
Sent from my phone, please forgive the brevity.
On Jan 4, 2013, at 8:30 PM, Jeffrey Walton wrote:
> On Fri, Jan 4, 2013 at 6:40 PM, wrote:
>>
>> you
On Fri, Jan 4, 2013 at 6:40 PM, wrote:
>
> you may have already seen this, but
>
> http://www.bbc.co.uk/news/technology-20908546
>
> Cyber thieves pose as Google+ social network
>
> The lapse let cyber thieves trick people into thinking they were
> on Google+ Continue reading the main story Relat
you may have already seen this, but
http://www.bbc.co.uk/news/technology-20908546
Cyber thieves pose as Google+ social network
The lapse let cyber thieves trick people into thinking they were
on Google+ Continue reading the main story Related Stories
Cyber-warriors join treasure hunt Insecure w
25 matches