D&C GLug - Home Page

[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]

Re: [LUG] Certificate authorities was Re: Email encryption, was Re: www.dcglug.org.uk

 

On Thu, 2 May 2013 10:20:58 +0100
Martijn Grooten <sweetwatergeek@xxxxxxxxx> wrote:

Hello Martijn,

>I'm willing to give Google the benefit of the doubt here, especially
>if the do it consistently. I assume they have a good reason for doing
>so.

It's all very sensible from the point of view, I'm sure.  Of course,
there are plenty of people that find it odd, annoying or contrary to
safe practise.

>You make it sound like they change certificates twice a day. 'Normal

This change over cycle has occurred twice within the last year.  It
lasts a few days until the new certificate is rolled out over all their
servers.

>users', for whom this kind of thing could indeed be a problem, should
>never have to accept a certificate anyway.

Maybe not, but that means blindly accepting *all* certs as valid.
That's unwise, at best.

>They are, but I'm still not sure whether this means that they can get
>in any Yahoo account, or that they can easily crack a lot of seemingly
>random accounts. The latter is pretty useful if you're a spammer but

I've only seen evidence of random accounts used for spamming rather
than attacks targeted at specific accounts.

-- 
 Regards  _
         / )           "The blindingly obvious is
        / _)rad        never immediately apparent"
An old custom to sell your daughter
Hong Kong Garden - Siouxsie & The Banshees

Attachment: signature.asc
Description: PGP signature

-- 
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq