[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Gmail/SSL

To: or-talk@xxxxxxxxxxxxx
Subject: Re: Gmail/SSL
From: coderman <coderman@xxxxxxxxx>
Date: Mon, 10 Mar 2008 17:37:43 -0800
Delivered-to: archiver@xxxxxxxx
Delivered-to: or-talk-outgoing@xxxxxxxx
Delivered-to: or-talk@xxxxxxxx
Delivery-date: Mon, 10 Mar 2008 21:37:47 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; bh=LT6n7fUAL5b/1tm6XLKaxBDrLKjoJcyrNJKUlyw7klA=; b=IRZteC00d4HiqVU5xARdNU8ei9R2SAyFOOlU5Bm18zILARMIW1lj3XQkoKkQzEy4XmXbdKqek/x1DQmuNFaBfEC19qrePEEy8o8D2w2ayTCJ/RVTYOHK645q0AqxKiq/GTlcl8wopkLCcs+oZG4s+/q0dnBMHiRGjzIiOYdkZos=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=qnZUEQfW9MCWQqyiiXzq26pkMfWXlScDs3ohSS+ToRYr6HGs+UEMqQfXcAuUoFHcoFoGeS5pEtVWWnsSJ9XGXNPA3Ux5MGuuvpM20coF7IA2ABeOD/3tVMNe37uQmozHFS7PvcWG1SX+/Z3iivgNBIzK2iSNQt2fvulgZQ4u6sM=
In-reply-to: <47D5103B.5000408@xxxxxxxxxxxxxxxxxx>
References: <1da45f2a0803091723i563a98a3tf4aecb00fcbf20cc@xxxxxxxxxxxxxx> <a46699dc0803091805m2d8a1851l9edff27e994ba564@xxxxxxxxxxxxxx> <a45400c30803092237x6ab69804j89aedc22fdb20d3e@xxxxxxxxxxxxxx> <47D5103B.5000408@xxxxxxxxxxxxxxxxxx>
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx

On Mon, Mar 10, 2008 at 2:40 AM, Mike Cardwell <tor@xxxxxxxxxxxxxxxxxx> wrote:
> ... Just because a website is secure at the moment,
>  doesn't mean they wont make changes in future which leak your sessions.

managing this on your end transparently makes it impossible to
exploit.  you enforce policy of ssl/tls only, always, regardless of
how they may have implemented sessions and authentication on their
end.  (at worst, they break their service rendering it unusable
securely [DoS], rather than leaking your private information
[leakage/pwned]...)

>  It is considerably safer to use gmails secure imap/smtp services rather
>  than their webmail with Tor imo. More bandwidth friendly too.

agreed, though exit polices for these ports are not as plentiful...

best regards,

Follow-Ups:
- Re: Gmail/SSL
  - From: coderman

References:
- Gmail/SSL
  - From: Jonathan Addington
- Re: Gmail/SSL
  - From: John Kimble
- Re: Gmail/SSL
  - From: defcon
- Re: Gmail/SSL
  - From: Mike Cardwell

Prev by Author: Re: Defeat Exit Node Sniffing?
Next by Author: Re: Gmail/SSL
Previous by thread: Re: Gmail/SSL
Next by thread: Re: Gmail/SSL
Index(es):
- Author
- Thread