Re: [cryptography] really sub-CAs for MitM deep packet inspectors? (Re: Auditable CAs)

2011-12-06 Thread Benjamin Kreuter
On Tue, 6 Dec 2011 12:34:37 +0100 Adam Back wrote: > Kids figure this stuff out getting through site restrictions on > school wifi also. Some schools try to block popular web games.. eg > runescape. Let us not discourage either the children or the schools! This sounds like an excellent way for

Re: [cryptography] really sub-CAs for MitM deep packet inspectors? (Re: Auditable CAs)

2011-12-06 Thread Peter Gutmann
writes: > > This is already standard practice for malware-laden sites, to > > the extent that it's severely affecting things like Google Safe > > Browsing and Facebook's link scanner, because Google and Facebook > > always get to see benign content and only the end user gets the > > malware. > >Th

Re: [cryptography] really sub-CAs for MitM deep packet inspectors? (Re: Auditable CAs)

2011-12-06 Thread dan
> This is already standard practice for malware-laden sites, to > the extent that it's severely affecting things like Google Safe > Browsing and Facebook's link scanner, because Google and Facebook > always get to see benign content and only the end user gets the > malware. This is the singl

[cryptography] DTLS implementation attack?

2011-12-06 Thread Marsh Ray
Anyone have any more info on this? Even just a CVE or 'fixed in' version would be helpful. http://www.isoc.org/isoc/conferences/ndss/12/program.shtml#1a Plaintext-Recovery Attacks Against Datagram TLS Kenneth Paterson and Nadhem Alfardan We describe an efficient and full plaintext recovery at

Re: [cryptography] really sub-CAs for MitM deep packet inspectors? (Re: Auditable CAs)

2011-12-06 Thread Jon Callas
On 6 Dec, 2011, at 3:43 AM, ianG wrote: > The promise of PKI in secure browsing is that it addresses the MITM. That's > it, in a nutshell. If that promise is not true, then we might as well use > something else. Is it? I thought that the purpose of a certificate was to authenticate the serv

Re: [cryptography] really sub-CAs for MitM deep packet inspectors? (Re: Auditable CAs)

2011-12-06 Thread Adam Back
Yes, Peter said the same, BUT do you think they have a valid cert chain? Or is it signed by a self-signed company internal CA, and the company internal CA added to the corporate install that you mentioned... That's the cut off of acceptability for me - full public valid cert chain on other people

Re: [cryptography] really sub-CAs for MitM deep packet inspectors? (Re: Auditable CAs)

2011-12-06 Thread ianG
On 6/12/11 21:52 PM, Florian Weimer wrote: * Adam Back: Are there really any CAs which issue sub-CA for "deep packet inspection" aka doing MitM and issue certs on the fly for everything going through them: gmail, hotmail, online banking etc. Such CAs do exist, but to my knowledge, they are ent

Re: [cryptography] really sub-CAs for MitM deep packet inspectors? (Re: Auditable CAs)

2011-12-06 Thread Adam Back
Someone should re-test that Three 3g data + bluecoat content-filtering-as-a-service with SSL and give us the cert if the answer is "interesting" :) Most of the parental control and site blocking things are trivially breakable. For example my router can block domains .. but its mechanism is idi

Re: [cryptography] really sub-CAs for MitM deep packet inspectors? (Re: Auditable CAs)

2011-12-06 Thread Florian Weimer
* Adam Back: > Are there really any CAs which issue sub-CA for "deep packet inspection" aka > doing MitM and issue certs on the fly for everything going through them: > gmail, hotmail, online banking etc. Such CAs do exist, but to my knowledge, they are enterprise-internal CAs which are installed

Re: [cryptography] Auditable CAs

2011-12-06 Thread Florian Weimer
* Ben Laurie: > Given the recent discussion on Sovereign Keys I thought people might > be interested in a related, but less ambitious, idea Adam Langley and > I have been kicking around: > http://www.links.org/files/CertificateAuthorityTransparencyandAuditability.pdf. Why wouldn't the problem we

Re: [cryptography] really sub-CAs for MitM deep packet inspectors? (Re: Auditable CAs)

2011-12-06 Thread Peter Gutmann
Earlier in the discussion there were questions about why a service provider would want to MITM their customers. This has now been answered by a service provider: It's to protect the children. From http://patrick.seurre.com/?p=42 Three's policy with regards to filtering is intended to ensur