RE: [FORGED] Re: [FORGED] Re: Nation State MITM CA's ?

2016-01-12 Thread Paul Wouters
On Tue, 12 Jan 2016, Peter Gutmann wrote: Or we ensure that Firefox and Chrome refuse to see those sites at all, because they refuse a downgrade attack. So users will switch to whatever browser doesn't block it, because given the choice between connecting to Facebook insecurely or not

Re: [FORGED] Re: [FORGED] Re: Nation State MITM CA's ?

2016-01-12 Thread Phillip Hallam-Baker
It really isn't a good idea for Mozilla to try to mitigate the security concerns of people living in a police state. The cost of doing so is you will set precedents that others demand be respected. Yes, providing crypto with a hole in it will be better than no crypto at all for the people who

Re: [FORGED] Re: [FORGED] Re: Nation State MITM CA's ?

2016-01-12 Thread Eric Mill
The Mozilla Trusted Root program can and should police violations of the Mozilla Trusted Root program, and any other fraudulent *publicly trusted* certificates. That's non-controversial. Policing violations of more general social norms -- by choosing to actively distrust non-publicly-trusted

Re: [FORGED] Re: [FORGED] Re: Nation State MITM CA's ?

2016-01-12 Thread Phillip Hallam-Baker
On Tue, Jan 12, 2016 at 11:46 AM, Jakob Bohm wrote:
> On 12/01/2016 16:49, Phillip Hallam-Baker wrote:
>>
>> It really isn't a good idea for Mozilla to try to mitigate the
>> security concerns of people living in a police state. The cost of
>> doing so is you will set

RE: [FORGED] Re: [FORGED] Re: Nation State MITM CA's ?

2016-01-11 Thread Peter Gutmann
Paul Wouters writes:
>> If you disallow the cert and turn off encryption, Borat can still read
>> everyone's traffic, but so can everyone else on the planet.
>
> Who said "turn off encryption"?

If you don't allow the MITM cert, which is needed to enable encryption in the