Re: A web site that believes in crypto

2007-01-14 Thread Victor Duchovni
On Wed, Jan 10, 2007 at 06:31:21PM -0500, Steven M. Bellovin wrote:

 I just stumbled on a web site that strongly believes in crypto --
 *everything* on the site is protected by https.  If you go there via
 http, you receive a Redirect.  The site?  www.cia.gov:
 
 $ telnet www.cia.gov 80
 Trying 198.81.129.100...
 Connected to www.odci.gov.
 Escape character is '^]'.
 GET / HTTP/1.0
 
 HTTP/1.0 301 Found 
 Location: https://www.cia.gov/

Their public email gateways don't believe in crypto nearly as much as
cs.columbia.edu does.

$ for d in cia.gov cs.columbia.edu; do
echo; dig +sho -t mx $d | sort +0n |
tee /dev/tty |
perl -lne 'm{(\S+)\.$} && print $1' |
while read h; do echo; smtp-finger -t [$h] $d 2>&1 |
perl -lne 'print unless (/^-{5}BEGIN/ .. /^-{5}END/);'; done; done

5 mail2.ucia.gov.
10 mail1.ucia.gov.

smtp-finger: Connected to mail2.ucia.gov[198.81.129.148]:25
smtp-finger:  220 mail2b.ucia.gov ESMTP
smtp-finger:  EHLO amnesiac.ms.com
smtp-finger:  250-mail2b.ucia.gov
smtp-finger:  250-8BITMIME
smtp-finger:  250 SIZE 104857600

smtp-finger: Connected to mail1.ucia.gov[198.81.129.68]:25
smtp-finger:  220 mail1a.ucia.gov ESMTP
smtp-finger:  EHLO amnesiac.ms.com
smtp-finger:  250-mail1a.ucia.gov
smtp-finger:  250-8BITMIME
smtp-finger:  250 SIZE 104857600

100 cs.columbia.edu.
200 ober.cs.columbia.edu.
200 opus.cs.columbia.edu.

smtp-finger: Connected to cs.columbia.edu[128.59.16.20]:25
smtp-finger:  220 cs.columbia.edu ESMTP Sendmail (8.12.10/22/jtt/sed/ib42) 
is thrilled to serve you at Sat, 13 Jan 2007 13:27:13 -0500 (EST).
smtp-finger:  EHLO amnesiac.ms.com
smtp-finger:  250-cs.columbia.edu Hello amnesiac.ms.com [192.0.2.1], 
pleased to meet you
smtp-finger:  250-ENHANCEDSTATUSCODES
smtp-finger:  250-PIPELINING
smtp-finger:  250-EXPN
smtp-finger:  250-VERB
smtp-finger:  250-8BITMIME
smtp-finger:  250-SIZE 2500
smtp-finger:  250-DSN
smtp-finger:  250-ETRN
smtp-finger:  250-STARTTLS
smtp-finger:  250-DELIVERBY
smtp-finger:  250 HELP
smtp-finger:  STARTTLS
smtp-finger:  220 2.0.0 Ready to start TLS
smtp-finger: certificate verification failed for 
cs.columbia.edu[128.59.16.20]:25: untrusted issuer /C=US/O=Equifax Secure 
Inc./CN=Equifax Secure Global eBusiness CA-1
smtp-finger: TLSv1 connection to 
cs.columbia.edu(cs.columbia.edu[128.59.16.20]:25) with cipher 
DHE-RSA-AES256-SHA (256/256 bits)
smtp-finger:  EHLO amnesiac.ms.com
smtp-finger:  250-cs.columbia.edu Hello amnesiac.ms.com [192.0.2.1], 
pleased to meet you
smtp-finger:  250-ENHANCEDSTATUSCODES
smtp-finger:  250-PIPELINING
smtp-finger:  250-EXPN
smtp-finger:  250-VERB
smtp-finger:  250-8BITMIME
smtp-finger:  250-SIZE 2500
smtp-finger:  250-DSN
smtp-finger:  250-ETRN
smtp-finger:  250-AUTH PLAIN LOGIN
smtp-finger:  250-DELIVERBY
smtp-finger:  250 HELP
smtp-finger: Unverified: subject_CN=cs.columbia.edu, issuer=Equifax Secure 
Global eBusiness CA-1
smtp-finger: Server session id: 
8EA8B66A9DCCA0903BF75B7FC71316CE201330A0B1B09114FB6BE15E25AA9827
smtp-finger: Common Name: cs.columbia.edu: matched
---
Certificate chain
 0 
s:/C=US/O=cs.columbia.edu/OU=https://services.choicepoint.net/get.jsp?GT1305/OU=See
 www.geotrust.com/quickssl/cps (c)04/OU=Domain Control Validated - This is a 
GeoTrust QuickSSL Premium(R) Certificate/CN=cs.columbia.edu
   i:/C=US/O=Equifax Secure Inc./CN=Equifax Secure Global eBusiness CA-1

smtp-finger: Connected to ober.cs.columbia.edu[128.59.18.100]:25
smtp-finger:  220 ober.cs.columbia.edu ESMTP Sendmail 
(8.12.10/22/jtt/sed/ib42) is thrilled to serve you at Sat, 13 Jan 2007 13:27:14 
-0500 (EST).
smtp-finger:  EHLO amnesiac.ms.com
smtp-finger:  250-ober.cs.columbia.edu Hello amnesiac.ms.com [192.0.2.1], 
pleased to meet you
smtp-finger:  250-ENHANCEDSTATUSCODES
smtp-finger:  250-PIPELINING
smtp-finger:  250-EXPN
smtp-finger:  250-VERB
smtp-finger:  250-8BITMIME
smtp-finger:  250-SIZE 2500
smtp-finger:  250-DSN
smtp-finger:  250-ETRN
smtp-finger:  250-STARTTLS
smtp-finger:  250-DELIVERBY
smtp-finger:  250 HELP
smtp-finger:  STARTTLS
smtp-finger:  220 2.0.0 Ready to start TLS
smtp-finger: certificate verification failed for 
ober.cs.columbia.edu[128.59.18.100]:25: untrusted issuer /C=US/O=Equifax Secure 
Inc./CN=Equifax Secure Global eBusiness CA-1
smtp-finger: TLSv1 connection to 
ober.cs.columbia.edu(ober.cs.columbia.edu[128.59.18.100]:25) with cipher 
DHE-RSA-AES256-SHA (256/256 bits)
smtp-finger:  EHLO amnesiac.ms.com
smtp-finger:  250-ober.cs.columbia.edu Hello amnesiac.ms.com [192.0.2.1], 
pleased to meet you
smtp-finger:  250-ENHANCEDSTATUSCODES
smtp-finger:  250-PIPELINING
smtp-finger:  250-EXPN
smtp-finger:  250-VERB
smtp-finger:  
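As an added example, not part of Victor's post and not smtp-finger's own code, the script below parses smtp-finger-style transcripts like the one above and reports, per MX host, what a mail administrator auditing their own gateways would want to know: whether STARTTLS was offered in the plaintext EHLO response, whether the TLS handshake completed and with which cipher, whether the server certificate verified, and whether AUTH was advertised before TLS (cs.columbia.edu above only advertises AUTH after STARTTLS, which is the right order). The transcript embedded in the script is constructed, modelled on the output above with a placeholder EHLO name (probe.example.com) and without the mail wrapping; treating a line starting with `Verified:` as a verified certificate is an assumption about smtp-finger's wording.

```python
"""Summarise STARTTLS support from smtp-finger-style transcripts (offline)."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample, modelled on the transcript in the post: one MX that
# offers no STARTTLS at all, and one that offers it but with an untrusted
# issuer.  probe.example.com is a placeholder EHLO name.
SAMPLE = """\
smtp-finger: Connected to mail2.ucia.gov[198.81.129.148]:25
smtp-finger:  220 mail2b.ucia.gov ESMTP
smtp-finger:  EHLO probe.example.com
smtp-finger:  250-mail2b.ucia.gov
smtp-finger:  250-8BITMIME
smtp-finger:  250 SIZE 104857600

smtp-finger: Connected to cs.columbia.edu[128.59.16.20]:25
smtp-finger:  220 cs.columbia.edu ESMTP Sendmail
smtp-finger:  EHLO probe.example.com
smtp-finger:  250-cs.columbia.edu Hello probe.example.com [192.0.2.1], pleased to meet you
smtp-finger:  250-PIPELINING
smtp-finger:  250-8BITMIME
smtp-finger:  250-SIZE 2500
smtp-finger:  250-STARTTLS
smtp-finger:  250 HELP
smtp-finger:  STARTTLS
smtp-finger:  220 2.0.0 Ready to start TLS
smtp-finger: certificate verification failed for cs.columbia.edu[128.59.16.20]:25: untrusted issuer /C=US/O=Equifax Secure Inc./CN=Equifax Secure Global eBusiness CA-1
smtp-finger: TLSv1 connection to cs.columbia.edu(cs.columbia.edu[128.59.16.20]:25) with cipher DHE-RSA-AES256-SHA (256/256 bits)
smtp-finger:  EHLO probe.example.com
smtp-finger:  250-cs.columbia.edu Hello probe.example.com [192.0.2.1], pleased to meet you
smtp-finger:  250-PIPELINING
smtp-finger:  250-8BITMIME
smtp-finger:  250-SIZE 2500
smtp-finger:  250-AUTH PLAIN LOGIN
smtp-finger:  250 HELP
smtp-finger: Unverified: subject_CN=cs.columbia.edu, issuer=Equifax Secure Global eBusiness CA-1
"""

CONNECT_RE = re.compile(r"^smtp-finger: Connected to (\S+?)\[")
LINE_RE = re.compile(r"^smtp-finger:\s+(.*)$")
CIPHER_RE = re.compile(r"with cipher (\S+)")


@dataclass
class MxReport:
    host: str
    plain_extensions: List[str] = field(default_factory=list)  # EHLO keywords before TLS
    tls_extensions: List[str] = field(default_factory=list)    # EHLO keywords after TLS
    tls_established: bool = False
    cert_verified: Optional[bool] = None   # None: no TLS session, nothing to verify
    cipher: Optional[str] = None
    size_limit: Optional[int] = None

    @property
    def starttls_offered(self) -> bool:
        return "STARTTLS" in self.plain_extensions

    @property
    def auth_before_tls(self) -> bool:
        # AUTH advertised on the plaintext channel invites cleartext credentials.
        return "AUTH" in self.plain_extensions


def parse_transcripts(text: str) -> Dict[str, MxReport]:
    """Split the transcript at each 'Connected to' line and parse one host per section."""
    reports: Dict[str, MxReport] = {}
    cur: Optional[MxReport] = None
    expect_greeting = False  # the first 250 line after EHLO is the greeting, not an extension
    for raw in text.splitlines():
        m = CONNECT_RE.match(raw)
        if m:
            cur = MxReport(host=m.group(1))
            reports[cur.host] = cur
            expect_greeting = False
            continue
        if cur is None:
            continue
        m = LINE_RE.match(raw)
        if not m:
            continue
        body = m.group(1)
        if body.startswith("EHLO "):
            expect_greeting = True
        elif body.startswith("TLSv"):
            cur.tls_established = True
            cm = CIPHER_RE.search(body)
            cur.cipher = cm.group(1) if cm else None
        elif body.startswith(("certificate verification failed", "Unverified:", "Untrusted:")):
            cur.cert_verified = False
        elif body.startswith("Verified:"):  # assumed wording for a verified peer
            cur.cert_verified = True
        elif body[:3] == "250" and body[3:4] in ("-", " "):
            if expect_greeting:
                expect_greeting = False
                continue
            keyword, _, arg = body[4:].partition(" ")
            keyword = keyword.upper()
            target = cur.tls_extensions if cur.tls_established else cur.plain_extensions
            target.append(keyword)
            if keyword == "SIZE" and arg.isdigit():
                cur.size_limit = int(arg)
    return reports


def findings(report: MxReport) -> List[str]:
    """Human-readable audit findings for one MX host."""
    out: List[str] = []
    if not report.starttls_offered:
        out.append("no STARTTLS: mail is relayed in the clear")
    elif not report.tls_established:
        out.append("STARTTLS offered but handshake did not complete")
    elif report.cert_verified is False:
        out.append("TLS established but certificate not verified (opportunistic TLS only)")
    if report.auth_before_tls:
        out.append("AUTH advertised before TLS: credentials could be sent in the clear")
    return out


if __name__ == "__main__":
    for host, rep in parse_transcripts(SAMPLE).items():
        print(host, rep.cipher or "no TLS", findings(rep) or ["ok"])
```

Run it against real output by feeding `smtp-finger ... 2>&1` through `parse_transcripts` instead of `SAMPLE`; the per-host `findings` list is what you would track over time for your own MX hosts, since an "untrusted issuer" result means a relaying MTA gets encryption but no authentication of the peer.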

Re: A web site that believes in crypto

2007-01-13 Thread Erik Tews
On Wednesday, 10.01.2007, at 18:31 -0500, Steven M. Bellovin wrote:
 I just stumbled on a web site that strongly believes in crypto --
 *everything* on the site is protected by https.  If you go there via
 http, you receive a Redirect.  The site?  www.cia.gov:

http://www.trustedcomputing.org/ has done this for some time now.

Many years ago, http://www.ccc.de/ (German hacker club, something
like 2600 in the USA) switched to https only, but switched back to http
later. This happened when Netscape 4.x was the most common browser and a
lot of users had problems with https.


signature.asc
Description: This is a digitally signed message part