On Thu, 02 May 2013 04:55:09 +0100
Simon Waters <simon@xxxxxxxxxxxxxx> wrote:

Hello Simon,

>I've not seen Google serving expired or otherwise invalid certificates,
>and reports of such are few and far between since 2010. If Brad has
>details...

I didn't mean expired certs. Sorry if I gave that impression. Google
roll out their new certs over a period of weeks, meaning they have two
certs in use, both valid, both unexpired. It might not be wrong, per se,
but it's a dumb idea, IMO.

>Curiously I'm planning to move email to Google precisely because they
>do a better job on this sort of thing than I do. Clearly people who
>understand security at the helm and with time to track down when the

Not fully, given their use of two certs at certain times. It increases
the possibility of a man-in-the-middle attacker's fake cert being
accepted as valid, if only out of frustration at having to evaluate
every cert change and just blindly accepting the new cert as valid, and
thereby compromising an account.

>like, which let's face it someone motivated and able is probably trying
>to crack someone else's gmail account several times a minute.

Yahoo accounts are much easier to get into, as evidenced by recent
events that have affected members of this list.

-- 
 Regards  _
         / )           "The blindingly obvious is
        / _)rad        never immediately apparent"
Two sides to every story
Public Image - Public Image Ltd
-- The Mailing List for the Devon & Cornwall LUG http://mailman.dclug.org.uk/listinfo/list FAQ: http://www.dcglug.org.uk/listfaq