- Forwarded message from Damian Menscher dam...@google.com -
From: Damian Menscher dam...@google.com
Date: Wed, 2 Jan 2013 21:14:31 -0800
To: valdis.kletni...@vt.edu
Cc: John Levine jo...@iecc.com, na...@nanog.org
Subject: Re: Gmail and SSL
On Wed, Jan 2, 2013 at 8:52 PM,
- Forwarded message from Maxim Khitrov m...@mxcrypt.com -
From: Maxim Khitrov m...@mxcrypt.com
Date: Thu, 3 Jan 2013 09:01:09 -0500
To: Damian Menscher dam...@google.com
Cc: na...@nanog.org
Subject: Re: Gmail and SSL
On Thu, Jan 3, 2013 at 12:14 AM, Damian Menscher dam...@google.com
I would like to would like to invite you to an important gathering that
mixes digital inclusion for diverse community voices, neighborhood and
civic engagement, and open government.
I will be in town briefly to lead the session. A similar gathering in
Seattle was a big success with dozens of
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Free ISP a French ISP with approx. 5M subs has blocked, by default, all web
based advertisements being served to their fixed-line Internet subscribers. [1,
2]
As a consumer, I would be very happy about it. As a Internet neutrality
(whatever you
Hello everybody,
Just want to add some precisions :
- Not all web based advertisements are blocked. Blocking is done with a
blacklist of IP addresses.
- It is done on the CPE level, not in the core network of Free.
This story is quite shaking the french interwebs and i was like Bernard at
In contrast to the recent Forbes article that was widely trashed here,
this seems to be generally sound advice
http://advocacy.globalvoicesonline.org/2012/12/31/10-new-years-resolutions-to-browse-the-internet-safely-in-2013/
--
Necessity is the plea for every infringement of human freedom.
It
Of course, for my first post on this awesome mailing list, I had to do such a
silly mistake to invert opt-in and opt-out.
To sum up :
Acceptable with opt-out : No.
Acceptable with passive opt-in : No.
Acceptable with active opt-in : Yes.
By the way, I take a moment to introduce myself :
I'm
Salut Bernard ;)
According to the last news we got, it wouldn't be an IP blacklist but a
solution based on dnsmasq (running on the CPE aka Freebox).
We don't have any info on who is on the blacklist, but it's maintained by
Free itself with little doubt.
Oh sorry i wasn't clear ... Free's owner,
Am 03.01.2013 19:30, schrieb Julien Rabier:
My current state of mind is :
- Is it an acceptable net neutrality violation if it's done on an opt-out
basis ? Yes.
The question is at which level it took place. Client-side filtering is
generally no issue,
including issue related to default
Yeah, this seems like a better article =)
NK
On Thu, Jan 3, 2013 at 8:34 PM, Wayne Moore wmo...@stanford.edu wrote:
In contrast to the recent Forbes article that was widely trashed here,
this seems to be generally sound advice
Hi all,
I'm working on a checklist/guidelines type document that aims to help
technical folks new to the LibTech arena audit applications to
identify weaknesses; and also help app developers look at the various
ways their application, stack and service providing may be weak. It is
not a every box
On Wed, Dec 26, 2012 at 01:45:00AM -0500, bobal...@lavabit.com wrote:
Comments and suggestions would be appreciated. Happy holidays!
A suggested addition, perhaps not worded as succinctly as it could be:
*Third-party Infrastructure*
Some tools, perhaps nearly all tools, rely on third parties
Thank you for sharing your report, Rafal. I read it with great interest.
I see that you devoted about a third of this report to Internet
surveillance in Turkmenistan, but you don't mention Gamma or Finfisher
even once. The discovery that Gamma International's products were being
used to spy on
I think that is a wonderful checklist! Perhaps also add:
* Make sure tool has been audited and that the audit results have been
published,
* Take into consideration the accessibility of the tool to potential third
parties that may need it.
Sorry if any of the above points have already been
Another CA has been found issuing SSL certificates for Google services.
Mozilla has acted on the issue:
https://blog.mozilla.org/security/2013/01/03/revoking-trust-in-two-turktrust-certficates/
The weird thing is that it's starting to appear less and less crazy to just
get rid of the CA system
..on Fri, Jan 04, 2013 at 03:09:41AM +0200, Nadim Kobeissi wrote:
Another CA has been found issuing SSL certificates for Google services.
Mozilla has acted on the issue:
https://blog.mozilla.org/security/2013/01/03/revoking-trust-in-two-turktrust-certficates/
The weird thing is that it's
Honestly, a full and transparent audit of all CAs and vendors would be
better. If every CA had to list which sites it had issued certificates
for, a few dozen would probably shake out with fake certs for Google or
Apple.
I don't think Convergence is the solution, unfortunately.
~Griffin
On
I noticed a Stanford project for setting up browser-based, ephemeral Tor
proxies. In their words, the purpose of this project is to create many,
generally ephemeral bridge IP addresses, with the goal of outpacing a
censor's ability to block them.
The core idea is that volunteers outside a
Nadim,
I think its about time to have CA´s be peer accredited institutes
(EFF/tor/access now/my brother´s sister´s cousin/ whoever) issuing free
or at least at cost certs. That being said, I don´t think certs are very
good at preventing mitm anyway, that might be the case if a majority of
users
On Thu, Jan 3, 2013 at 5:26 PM, Ruben Bloemgarten ru...@abubble.nl wrote:
you don´t know who I am, but only we know what we´re telling each other.
So essentially you and Nadim are arguing that, since CAs fail some of the
time, we should get rid of the whole system and end up in the same
One point: Most of the Iranian banks have bought SSL certification from
TurkTrust.
Sent from my iPhone
On 4 Jan 2013, at 01:41, Collin Anderson col...@averysmallbird.com wrote:
On Thu, Jan 3, 2013 at 5:26 PM, Ruben Bloemgarten ru...@abubble.nl wrote:
you don´t know who I am, but only we
On 1/3/13 5:25 PM, Steve Weis wrote:
I noticed a Stanford project for setting up browser-based, ephemeral
Tor proxies. In their words, the purpose of this project is to
create many, generally ephemeral bridge IP addresses, with the goal
of outpacing a censor's ability to block them.
I'm
On 01/04/2013 02:41 AM, Collin Anderson wrote:
On Thu, Jan 3, 2013 at 5:26 PM, Ruben Bloemgarten ru...@abubble.nl
mailto:ru...@abubble.nl wrote:
you don´t know who I am, but only we know what we´re telling each
other.
So essentially you and Nadim are arguing that, since CAs fail
Here's a perspective on the project and its current challenges from
Jacob Appelbaum and Roger Dingledine's Tor ecosystem talk at 29C3:
http://www.youtube.com/watch?v=Rnbc_9JnVtcfeature=youtu.bet=1h8s
gf
On 1/3/13 7:25 PM, Steve Weis wrote:
I noticed a Stanford project for setting up
Yes, the system is vulnerable to client enumeration if there are few
facilitators and proxies. If there are many facilitators and proxies, then
the adversary needs to discover facilitators, constantly poll them, and
compete with legitimate proxies to learn client IPs.
They won't discover every
Thank you all for the suggestions and comments.
Revisions and additions will be made with appropriate attribution.
With reference to the applicability of a checklist, are there any
free/accessible and discreet services that assist with tool selection?
That's a useful checklist, thanks. Are
Sometime between December 5 and December 8 last year, Google made a
surprising decision that hasn’t yet been reported. They decided to remove a
feature which had previously informed users from China of censored
keywords. At the same time, they deleted the help article which explained
how to use
27 matches
Mail list logo