On Fri, Jan 11, 2013 at 12:20 PM, Thierry Moreau
wrote:
> Jeffrey Walton wrote:
>>>
>>>
>
> More seriously, I agree that the questions raised by Jeffrey are relevant,
> and I support his main point. End-to-end security should make some sense,
> even today.
Also: are they doing it over WiFi or
On Jan 11, 2013, at 3:16 PM, Thierry Moreau wrote:
> John Kemp wrote:
>> [...] the _spirit_ of end-to-end semantics is violated here, I believe [...]
>
> Personally, I am not a spiritual cryptography believer.
For the purposes of HTTPS, you don't have to be; the encryption works as
specified.
John Kemp wrote:
[...] the _spirit_ of end-to-end semantics is violated here, I believe [...]
Personally, I am not a spiritual cryptography believer.
--
- Thierry Moreau
___
cryptography mailing list
cryptography@randombit.net
http://lists.randombit
On Thu, Jan 10, 2013 at 6:59 PM, Jon Callas wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Others have said pretty much the same in this thread; this isn't an MITM
> attack, it's a proxy browsing service.
>
> There are a number of "optimized" browsers around. Opera Mini/Mobile, Amaz
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Jan 10, 2013, at 4:47 PM, Peter Gutmann wrote:
> Jon Callas writes:
>
>> Others have said pretty much the same in this thread; this isn't an MITM
>> attack, it's a proxy browsing service.
>
> Exactly. Cellular providers have been doing this f
On 11/01/13 21:57 PM, Jeffrey Walton wrote:
On Fri, Jan 11, 2013 at 12:20 PM, Thierry Moreau
wrote:
Jeffrey Walton wrote:
More seriously, I agree that the questions raised by Jeffrey are relevant,
and I support his main point. End-to-end security should make some sense,
even today.
I think
On Jan 11, 2013, at 1:53 PM, Jeffrey Walton wrote:
> One of the things I find most befuddling: the industry has conditioned
> many folks to accept this sort of thing as "normal"
> (Proxy/Interception on a "secure' channel"), even when those same
> folks know better. Its seems to be a repeat of bro
On Fri, Jan 11, 2013 at 12:20 PM, Thierry Moreau
wrote:
> Jeffrey Walton wrote:
>>>
>>> ...
>> Perhaps they should be using the evil bit in the TCP/IP header to
>> indicate someone (or entity) is tampering with the secure channel?
>> https://tools.ietf.org/html/rfc3514.
>
> That's an April 1st RFC
On Fri, Jan 11, 2013 at 1:39 PM, Adam Back wrote:
> For http there is a mechanism for cache security as this is an issue that
> does come up (you do not want to cache security information or responses
> with security information in them, eg cookies or information related to one
> user and then hav
For http there is a mechanism for cache security as this is an issue that
does come up (you do not want to cache security information or responses
with security information in them, eg cookies or information related to one
user and then have the proxy cache accidentally send that to a different
us
Jeffrey Walton wrote:
How do we teach developers to differentiate between the good
"men-in-the-middle" vs the bad "man-in-the-middle"?
According to another post by Peter, good ones would be based on
anonymous D-H.
Perhaps they should be using the evil bit in the TCP/IP header to
indicate
On Fri, Jan 11, 2013 at 10:04 AM, Jeffrey Walton wrote:
> On Thu, Jan 10, 2013 at 7:47 PM, Peter Gutmann
> wrote:
>> Jon Callas writes:
>>
>>>Others have said pretty much the same in this thread; this isn't an MITM
>>>attack, it's a proxy browsing service.
>>
>> Exactly. Cellular providers have
On Thu, Jan 10, 2013 at 7:47 PM, Peter Gutmann
wrote:
> Jon Callas writes:
>
>>Others have said pretty much the same in this thread; this isn't an MITM
>>attack, it's a proxy browsing service.
>
> Exactly. Cellular providers have been doing this for ages, it's hardly news.
>
> (Well, OK, given h
13 matches
Mail list logo