Re: [cryptography] another cert failure

2013-01-07 Thread Jeffrey Walton
On Mon, Jan 7, 2013 at 3:15 AM, ianG i...@iang.org wrote: On 7/01/13 06:48 AM, Jeffrey Walton wrote: On Sat, Jan 5, 2013 at 4:23 PM, Jeffrey Walton noloa...@gmail.com wrote: On Sat, Jan 5, 2013 at 3:59 PM, Ryan Hurst ryan.hu...@globalsign.com wrote: Yeah. Little known fact is that

Re: [cryptography] another cert failure

2013-01-07 Thread Jeffrey Walton
Hi Ian, Off list. I am so god damn angry at myself for seeing this sooner. It all makes sense now. OT: Have you read http://www.amazon.com/dp/1420059815? Perhaps you contributed or technical edited? Thanks again for your insight. Jeff On Mon, Jan 7, 2013 at 3:15 AM, ianG i...@iang.org wrote:

Re: [cryptography] another cert failure

2013-01-07 Thread ianG
On 7/01/13 14:15 PM, Jeffrey Walton wrote: Hi Ian, Off list. I suspect not. No matter. iang ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography

Re: [cryptography] another cert failure

2013-01-07 Thread Jeffrey Walton
On Mon, Jan 7, 2013 at 3:15 AM, ianG i...@iang.org wrote: ... Yeah. Little known fact is that Mozilla maintains confidential discussions with the CAs. The open group is basically theater, it has been totally owned by the CAs for many years. Mozilla routinely reports no meetings, minutes,

Re: [cryptography] another cert failure

2013-01-07 Thread ianG
On 7/01/13 15:31 PM, Jeffrey Walton wrote: On Mon, Jan 7, 2013 at 3:15 AM, ianG i...@iang.org wrote: ... Yeah. Little known fact is that Mozilla maintains confidential discussions with the CAs. The open group is basically theater, it has been totally owned by the CAs for many years.

Re: [cryptography] another cert failure

2013-01-07 Thread James A. Donald
On 2013-01-07 10:31 PM, Jeffrey Walton wrote: In addition, Mozilla does not make money from the CAs. What is in it for Mozilla? What was in it for Banking Committee Senators Jon Corzine, Chris Dodd, and Kent Conrad, and Fannie Mae CEO Jim Johnson?

Re: [cryptography] another cert failure

2013-01-06 Thread Jeffrey Walton
On Fri, Jan 4, 2013 at 6:40 PM, d...@geer.org wrote: you may have already seen this, but http://www.bbc.co.uk/news/technology-20908546 Cyber thieves pose as Google+ social network ... The fake ID credentials have been traced back to Turkish security firm TurkTrust which mistakenly

Re: [cryptography] another cert failure

2013-01-06 Thread Jeffrey Walton
On Sat, Jan 5, 2013 at 4:23 PM, Jeffrey Walton noloa...@gmail.com wrote: On Sat, Jan 5, 2013 at 3:59 PM, Ryan Hurst ryan.hu...@globalsign.com wrote: In the future, we won't need their honesty. Or the 'honesty' they want us to perceive. Did anyone really think a CA would risk a

Re: [cryptography] another cert failure

2013-01-05 Thread Ralph Holz
Hi, On 01/05/2013 12:29 PM, Ben Laurie wrote: Unless all the people who saw it happened to be running Chrome, then it seems quite likely it was used maliciously, surely? The problem is that there are many values that both legitimately and maliciously can take. Turktrust's argument seems to be

Re: [cryptography] another cert failure

2013-01-05 Thread ianG
Hi all, On 5/01/13 15:55 PM, Ralph Holz wrote: On 01/05/2013 12:29 PM, Ben Laurie wrote: Unless all the people who saw it happened to be running Chrome, then it seems quite likely it was used maliciously, surely? The problem is that there are many values that both legitimately and

Re: [cryptography] another cert failure

2013-01-05 Thread Ryan Hurst
I have no more information than the rest of you but my read of what they published is that this was not a 'legitimate MITM' case. It sounds to me as if they are saying a customer installed a previously purchased certificate on a firewall for a legitimate purpose -- possibly administration or

Re: [cryptography] another cert failure

2013-01-05 Thread ianG
Just to top-post on that - I did read up on a lot more references [0], and I see that the claim is that the CA concerned issued the intermediates by mistake. They caught one of them later on and fixed it. The second they did not catch. The holder of the second intermediate then installed it
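The mechanics behind ianG's summary, as an added example that is not part of the thread or of anyone's post: a customer certificate that the CA signed with CA:TRUE by mistake can itself sign a leaf for *.google.com, and ordinary path validation accepts that chain because every link is sound. Two checks break it: the issuance-time profile check the CA should have run on its own output, and the client-side public-key pin check that Chrome's built-in google.com pins perform. The code is Go using only the standard library; the keys are generated on the fly, the names (root-ca.demo.example, customer.example) are made up, and the "expected" pin is a constructed stand-in, not Google's real pin set.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/base64"
	"fmt"
	"math/big"
	"time"
)

// tmpl builds a server-certificate template for name; isCA makes it able to
// sign other certificates, which a customer's server certificate must never be.
func tmpl(serial int64, name string, isCA bool) *x509.Certificate {
	now := time.Now()
	t := &x509.Certificate{
		SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: name}, DNSNames: []string{name},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	if isCA {
		t.IsCA, t.BasicConstraintsValid = true, true
		t.KeyUsage |= x509.KeyUsageCertSign
	}
	return t
}
// mustIssue generates a throwaway P-256 key for t, has parentKey sign it (or the new
// key itself when parentKey is nil, i.e. a self-signed root) and returns cert and key.
func mustIssue(t, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err) // demo: panic rather than thread errors through every step
	}
	if parentKey == nil {
		parent, parentKey = t, key
	}
	der, err := x509.CreateCertificate(rand.Reader, t, parent, &key.PublicKey, parentKey)
	if err != nil {
		panic(err)
	}
	c, _ := x509.ParseCertificate(der) // DER we produced a moment ago always parses
	return c, key
}
// EndEntityProfileOK is the issuance-time check the CA should have run: a
// customer's server certificate must carry neither CA:TRUE nor keyCertSign.
func EndEntityProfileOK(c *x509.Certificate) error {
	if c.IsCA || c.KeyUsage&x509.KeyUsageCertSign != 0 {
		return fmt.Errorf("end-entity profile violated: %q can sign other certificates", c.Subject.CommonName)
	}
	return nil
}
// BuildMisissuedChain reproduces the shape of the incident and returns the path
// leaf-first: [*.google.com leaf, mis-issued customer certificate, root].
func BuildMisissuedChain() []*x509.Certificate {
	root, rootKey := mustIssue(tmpl(1, "root-ca.demo.example", true), nil, nil)
	// The customer asked for an ordinary server certificate; what the CA signed
	// says CA:TRUE. That is the mistake; everything below follows from it.
	cust, custKey := mustIssue(tmpl(2, "customer.example", true), root, rootKey)
	// Loaded into an HTTPS-inspecting middlebox, the customer key can now mint
	// a certificate for any name at all, here *.google.com.
	leaf, _ := mustIssue(tmpl(3, "*.google.com", false), cust, custKey)
	return []*x509.Certificate{leaf, cust, root}
}
// VerifyPathOnly is what a client without pins does: build a path to a trusted root.
func VerifyPathOnly(chain []*x509.Certificate, host string) error {
	roots, inters := x509.NewCertPool(), x509.NewCertPool()
	roots.AddCert(chain[len(chain)-1])
	for _, c := range chain[1 : len(chain)-1] {
		inters.AddCert(c)
	}
	_, err := chain[0].Verify(x509.VerifyOptions{DNSName: host, Roots: roots, Intermediates: inters})
	return err
}
// SPKIPin is the Chrome/HPKP pin form: base64(SHA-256(SubjectPublicKeyInfo)).
func SPKIPin(spkiDER []byte) string {
	sum := sha256.Sum256(spkiDER)
	return base64.StdEncoding.EncodeToString(sum[:])
}
// PinnedChainOK is the extra check that exposed the bogus chain: at least one
// certificate in the path must carry a key the client already expects.
func PinnedChainOK(chain []*x509.Certificate, pins map[string]bool) bool {
	for _, c := range chain {
		if pins[SPKIPin(c.RawSubjectPublicKeyInfo)] {
			return true
		}
	}
	return false
}
func main() {
	chain := BuildMisissuedChain()
	fmt.Println("issuance profile check on customer cert:", EndEntityProfileOK(chain[1]))
	fmt.Println("path validation for www.google.com (nil means accepted):", VerifyPathOnly(chain, "www.google.com"))
	other := BuildMisissuedChain() // unrelated hierarchy; its root key stands in for the pins a browser ships
	fmt.Println("pin check passes:", PinnedChainOK(chain, map[string]bool{SPKIPin(other[2].RawSubjectPublicKeyInfo): true}))
}
```

Running it prints a profile violation for the customer certificate, a nil error from path validation (the chain is accepted as-is), and false from the pin check. The first line is the check that was missing at the CA; the third is why only Chrome users noticed.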

Re: [cryptography] another cert failure

2013-01-05 Thread Ryan Hurst
Ian, I do agree with you that the dynamic configurations of the firewall is the most suspect part of the story. I'm inclined to give them the benefit of the doubt based on my experience managing some UI related efforts inside of Windows -- aka today modern software makes an effort to intuit

Re: [cryptography] another cert failure

2013-01-05 Thread Jeffrey Walton
On Sat, Jan 5, 2013 at 3:26 PM, Ryan Hurst ryan.hu...@globalsign.com wrote: Ian, I do agree with you that the dynamic configurations of the firewall is the most suspect part of the story. I'm inclined to give them the benefit of the doubt based on my experience managing some UI related

Re: [cryptography] another cert failure

2013-01-05 Thread Ryan Hurst
I've been unable to find a screenshot but this FAQ does suggest that there is an explicit action required to enable HTTPS inspection: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=solutionid=sk65123 As for what appropriate consequences are for

Re: [cryptography] another cert failure

2013-01-05 Thread Jeffrey Walton
On Sat, Jan 5, 2013 at 3:59 PM, Ryan Hurst ryan.hu...@globalsign.com wrote: I've been unable to find a screenshot but this FAQ does suggest that there is an explicit action required to enable HTTPS inspection:

Re: [cryptography] another cert failure

2013-01-05 Thread Ryan Hurst
It's still not clear it was willful; For example maybe they were using an enterprise CA to enable the MiTM for their machines / enterprise users who knew the traffic was monitored and to fix some user reported problem they made a configuration mistake. After all in the end these are just Base64

Re: [cryptography] another cert failure

2013-01-05 Thread Erwann Abalea
2013/1/5 Ryan Hurst ryan.hu...@globalsign.com I've been unable to find a screenshot but this FAQ does suggest that there is an explicit action required to enable HTTPS inspection: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=solutionid=sk65123

Re: [cryptography] another cert failure

2013-01-05 Thread Ryan Hurst
Erwann, The text in that FAQ refers to the administrator enabling HTTPS inspection, my assumption is that for there to be FAQ references it is 'obvious' in the UI that it can be enabled. That said I don't disagree with most of what you said below. Ryan Hurst Sent from my phone, please

[cryptography] another cert failure

2013-01-04 Thread dan
you may have already seen this, but http://www.bbc.co.uk/news/technology-20908546 Cyber thieves pose as Google+ social network The lapse let cyber thieves trick people into thinking they were on Google+ Continue reading the main story Related Stories Cyber-warriors join treasure hunt Insecure

Re: [cryptography] another cert failure

2013-01-04 Thread Jeffrey Walton
On Fri, Jan 4, 2013 at 6:40 PM, d...@geer.org wrote: you may have already seen this, but http://www.bbc.co.uk/news/technology-20908546 Cyber thieves pose as Google+ social network The lapse let cyber thieves trick people into thinking they were on Google+ Continue reading the main story

Re: [cryptography] another cert failure

2013-01-04 Thread Ryan Hurst
FYI the article was changed post Dan's mail and no longer contains the unsubstantiated references to malicious use quoted below. Ryan Sent from my phone, please forgive the brevity. On Jan 4, 2013, at 8:30 PM, Jeffrey Walton noloa...@gmail.com wrote: On Fri, Jan 4, 2013 at 6:40 PM,