Re: [LUG] Certificate authorities was Re: Email encryption, was Re: www.dcglug.org.uk

 

On Thu, 02 May 2013 04:55:09 +0100
Simon Waters <simon@xxxxxxxxxxxxxx> wrote:

Hello Simon,

>I've not seen Google serving expired or otherwise invalid certificates,
>and reports of such are few and far between since 2010. If Brad has
>details...

I didn't mean expired certs.  Sorry if I gave that impression.  Google
roll out their new certs over a period of weeks, meaning they have two
certs in use, both valid, both unexpired.  It might not be wrong, per
se, but it's a dumb idea, IMO.

>Curiously I'm planning to move email to Google precisely because they
>do a better job on this sort of thing than I do. Clearly people who
>understand security at the helm and with time to track down when the

Not fully, given their use of two certs at certain times.  It increases
the possibility of a man-in-the-middle attacker's fake cert being
accepted as valid, if only out of frustration at having to evaluate
every cert change and just blindly accepting the new cert as valid, and
thereby compromising an account.

>like, which let's face it someone motivated and able is probably trying
>to crack someone else's gmail account several times a minute.

Yahoo accounts are much easier to get into, as evidenced by recent
events that have affected members of this list.

-- 
 Regards  _
         / )           "The blindingly obvious is
        / _)rad        never immediately apparent"
Two sides to every story
Public Image - Public Image Ltd

-- 
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq