RE: unintended?
[Moderator's note: Top posting is considered untasteful. --Perry]

It doesn't need to be malicious. It depends on the situation. For example, lots of corporations do SSL session inspection using products like Bluecoat. The Bluecoat does a MiTM attack to expose the plaintext for analysis, and expects that corporate users trust the certificate it provides (and have pushed it out to all corporate browsers). If you've just loaded Firefox, it won't have that "trusted" cert loaded by default, and you'll see exactly the below.

Ian.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chad Perrin
Sent: Saturday, November 15, 2008 8:29 AM
To: cryptography@metzdowd.com
Subject: Re: unintended?

On Fri, Nov 14, 2008 at 01:26:29PM +, [EMAIL PROTECTED] wrote:
> (snicker) from the local firefox
>
>
> en-us.add-ons.mozilla.com:443 uses an invalid security certificate.
>
> The certificate is not trusted because the issuer certificate is not trusted.
>
> (Error code: sec_error_untrusted_issuer)

What does Perspectives have to say?

What installation of Firefox did you use?

I don't have that problem when I visit:
https://addons.mozilla.org/en-US/firefox/

Do you perhaps have some kind of malicious redirection going on there?

--
Chad Perrin [ content licensed PDL: http://pdl.apotheon.org ]
John Kenneth Galbraith: "If all else fails, immortality can always be assured through spectacular error."

-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Re: unintended?
On Fri, Nov 14, 2008 at 02:29:24PM -0700, Chad Perrin wrote:
> On Fri, Nov 14, 2008 at 01:26:29PM +, [EMAIL PROTECTED] wrote:
> > (snicker) from the local firefox
> >
> >
> > en-us.add-ons.mozilla.com:443 uses an invalid security certificate.
> >
> > The certificate is not trusted because the issuer certificate is not
> > trusted.
> >
> > (Error code: sec_error_untrusted_issuer)
>
> What does Perspectives have to say?
>
> What installation of Firefox did you use?
>
> I don't have that problem when I visit:
> https://addons.mozilla.org/en-US/firefox/
>
> Do you perhaps have some kind of malicious redirection going on there?
>
> --
> Chad Perrin [ content licensed PDL: http://pdl.apotheon.org ]

perspectives is not installed. I've never taken the default and added a cert that was not in the firefox trusted list... (at least on a permanent basis)

Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10.4; en-US; rv:1.9.0.2) Gecko/2008091618 Firefox/3.0.2

and yes, a redirect might be in play - except this happens w/ multiple, different caches (fm the house, work, panera, starbucks and even "the cows end")

--bill
Re: unintended?
On Fri, Nov 14, 2008 at 01:26:29PM +, [EMAIL PROTECTED] wrote:
> (snicker) from the local firefox
>
>
> en-us.add-ons.mozilla.com:443 uses an invalid security certificate.
>
> The certificate is not trusted because the issuer certificate is not trusted.
>
> (Error code: sec_error_untrusted_issuer)

What does Perspectives have to say?

What installation of Firefox did you use?

I don't have that problem when I visit:
https://addons.mozilla.org/en-US/firefox/

Do you perhaps have some kind of malicious redirection going on there?

--
Chad Perrin [ content licensed PDL: http://pdl.apotheon.org ]
John Kenneth Galbraith: "If all else fails, immortality can always be assured through spectacular error."
Re: unintended consequences?
> Does that mean that the new fiber is less tappable?

Somehow, I suspect that Corning and the relevant authorities have been in touch to work out any problems.

Corning is a politically very well connected company. Amory Houghton, a member of the family that has controlled the company since its founding in 1851, was company CEO from 1965-84, and was then the member of Congress from my district from 1986-2005. His father was CEO and later ambassador to France. His grandfather was CEO and later member of Congress and then ambassador to first Germany and later Britain. You get the idea.

R's,
John
Re: unintended consequences?
Steven M. Bellovin wrote:
> Does that mean that the new fiber is less tappable?

No change, notwithstanding anecdotal references on fiber bending as used for tapping.

Tapping a fiber can be done without much notice by matching the index of refraction outside the outer fiber layer, after abrasion and etching to reach that layer. There is no need for bending, which might not be physically possible (eg, in a thick cable bundle), would increase propagation losses beyond that caused by the tapped signal power itself, and might create detectable backward propagating waves (BPWs are monitored to detect fiber breach).

Low-loss taps are essential. A tap must extract a portion of the through-signal. This, however, should not have the effect of significantly reducing the level of the remaining signal. For example, if one-quarter of the incident signal is extracted, then there is a 1.25 db loss in the remaining through-signal, which can easily be detected.

Cheers,
Ed Gerck