[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Dutch CA issues fake *.torproject.org cert (among many others)

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] Dutch CA issues fake *.torproject.org cert (among many others)
From: andrew@xxxxxxxxxxxxxx
Date: Sun, 4 Sep 2011 00:34:24 -0400
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sun, 04 Sep 2011 00:34:38 -0400
In-reply-to: <CAD8GWsv3-wt41_EQJCfMJZ2Uob9SWaTLqxmrPLCNzoDhMYN8DA@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "This mailing list is for all discussion about theory, design, and development of Onion Routing." <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
Mail-followup-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
References: <20110902125555.163220@xxxxxxx> <4E60E813.1060409@xxxxxxx> <20110902171101.GA6618@sescenties> <CAC+VsLuHVypfqnyW=KPHdE6B83OmWYp0nauhpW-tzaoaQNh_Gw@xxxxxxxxxxxxxx> <20110902214612.GD17375@xxxxxxxxxxxxxxxx> <4E622E22.80501@xxxxxxx> <4E624F15.8080806@xxxxxxxxxxx> <4E627FB3.1020904@xxxxxxx> <CAD8GWsv3-wt41_EQJCfMJZ2Uob9SWaTLqxmrPLCNzoDhMYN8DA@xxxxxxxxxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx
User-agent: Mutt/1.5.20 (2009-06-14)

On Sat, Sep 03, 2011 at 04:51:49PM -0400, ler762@xxxxxxxxx wrote 4.3K bytes in 111 lines about:
: My understanding is that the issue is common to all 'secured' web
: sites.   HTTP is trivially subverted; HTTPS needs a valid cert or the
: user clicking past a "No, I don't care about my security; go there
: anyway" warning before it can be subverted.

Just a fine point here, treat SSL as encryption between you and
something on the other end, not as authentication of the other end (nor
you if have client certs installed).

-- 
Andrew
pgp key: 0x74ED336B
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

References:
- Re: [tor-talk] Dutch CA issues fake *.torproject.org cert (among many others)
  - From: Achter Lieber
- Re: [tor-talk] Dutch CA issues fake *.torproject.org cert (among many others)
  - From: Joe Btfsplk
- Re: [tor-talk] Dutch CA issues fake *.torproject.org cert (among many others)
  - From: Seth David Schoen
- Re: [tor-talk] Dutch CA issues fake *.torproject.org cert (among many others)
  - From: Collin Anderson
- Re: [tor-talk] Dutch CA issues fake *.torproject.org cert (among many others)
  - From: andrew
- Re: [tor-talk] Dutch CA issues fake *.torproject.org cert (among many others)
  - From: Joe Btfsplk
- Re: [tor-talk] Dutch CA issues fake *.torproject.org cert (among many others)
  - From: Netizio
- Re: [tor-talk] Dutch CA issues fake *.torproject.org cert (among many others)
  - From: Joe Btfsplk
- Re: [tor-talk] Dutch CA issues fake *.torproject.org cert (among many others)
  - From: Lee

Prev by Author: Re: [tor-talk] Dutch CA issues fake *.torproject.org cert (among many others)
Next by Author: Re: [tor-talk] Dutch CA issues fake *.torproject.org cert (among many others)
Previous by thread: Re: [tor-talk] Dutch CA issues fake *.torproject.org cert (among many others)
Next by thread: Re: [tor-talk] Dutch CA issues fake *.torproject.org cert (among many others)
Index(es):
- Author
- Thread