[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]

Re: [LUG] Certificate authorities was Re: Email encryption, was Re: www.dcglug.org.uk

To: DCLUG ML <list@xxxxxxxxxxxxx>
Subject: Re: [LUG] Certificate authorities was Re: Email encryption, was Re: www.dcglug.org.uk
From: Brad Rogers <brad@xxxxxxxxxxxx>
Date: Thu, 2 May 2013 11:16:29 +0100
Delivered-to: dclug@xxxxxxxxxxxxxxxxxxxxx
Face: iVBORw0KGgoAAAANSUhEUgAAADAAAAAwBAMAAAClLOS0AAAAHlBMVEW5ojcDAQL/9AAMBwbz70aBQhz8+tX99Avf3znCzS2LXIwlAAACYklEQVQ4jV2UTYucQBCGa0dUvKWRuS9NlqZvmsZd8gdybld6h70JYZocB2Hi9nUJCbmJYZD+t6lqnQ+3Tk49VtVbHw7wW+uuj7ACm1swpAMcDuBgggzEAVI/HTKHAH/CCRmkAPEA9BMdHITZxeYkdvSkYxMbbXRmThShtTje73p90AAmBtA7iGME5jXjx6MBfNXAESM2cAoRswkfpMrNVRVZfzAm61adEBBGKcZUumqJwD8W7PUjeChnsO0+gJotVtxODLg8+1lOHjGKdAYPF8BIq+vkAqIr+IKOUYxOYCiIO5aT2qWI7KQf/EgRd6wqIpUr1LZF4L13kiJcvTVJ1LzsMWWOb3LvJxdAWYBt97ZNSpY/Y8jgspBKlo92NsPyDQVgdVL1UBYLaEtsRI7j0vk9OwP7HVP1/AzkFUT5josZdAG0MIMaVUlqBdvEBtlL1FQJ+pMaa2Bd52egEgNNYaMyV59QlOikxLFw+KWsUVVllSrVE+eZ9zI0AlFk9xoTVaasnrjIPA4rJfDNWPuDSoMqvnKZeS6dHwjEySL2cV/RDKeJ945Am1waLILUefXw8wqiJ1rt+Rg+X0FDqx2oPXkBTfxo2wanISdqz9EGTwT2OPy2ouPlEzUTriSkQm0t3ZWYvPNp2Pn9y1JiH+bqwPtxBjj2RhmwcVDjcSh9F1KF0bbGmhDgpy5IxuIK14HS2nDt/nLUgymL37aFxDyvPwMdl/ksWK8/Aw112DreSLW7BQANoxC6bbVZgZhc81lX3QrgZmu1VapSlX6b+i7t//bv9MfRVKpGSEC9Ivjz9ta//wdcwQNYY87gKwAAAABJRU5ErkJggg==

On Thu, 2 May 2013 10:20:58 +0100
Martijn Grooten <sweetwatergeek@xxxxxxxxx> wrote:

Hello Martijn,

>I'm willing to give Google the benefit of the doubt here, especially
>if the do it consistently. I assume they have a good reason for doing
>so.

It's all very sensible from the point of view, I'm sure.  Of course,
there are plenty of people that find it odd, annoying or contrary to
safe practise.

>You make it sound like they change certificates twice a day. 'Normal

This change over cycle has occurred twice within the last year.  It
lasts a few days until the new certificate is rolled out over all their
servers.

>users', for whom this kind of thing could indeed be a problem, should
>never have to accept a certificate anyway.

Maybe not, but that means blindly accepting *all* certs as valid.
That's unwise, at best.

>They are, but I'm still not sure whether this means that they can get
>in any Yahoo account, or that they can easily crack a lot of seemingly
>random accounts. The latter is pretty useful if you're a spammer but

I've only seen evidence of random accounts used for spamming rather
than attacks targeted at specific accounts.

-- 
 Regards  _
         / )           "The blindingly obvious is
        / _)rad        never immediately apparent"
An old custom to sell your daughter
Hong Kong Garden - Siouxsie & The Banshees

Attachment: signature.asc
Description: PGP signature

-- 
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq

Follow-up: Re: [LUG] Certificate authorities was Re: Email encryption, was Re: www.dcglug.org.uk
- From: Martijn Grooten

References:
- Re: [LUG] Certificate authorities was Re: Email encryption, was Re: www.dcglug.org.uk
  - From: Simon Waters
- Re: [LUG] Certificate authorities was Re: Email encryption, was Re: www.dcglug.org.uk
  - From: Brad Rogers
- Re: [LUG] Certificate authorities was Re: Email encryption, was Re: www.dcglug.org.uk
  - From: Martijn Grooten

Prev by Date: Re: [LUG] Avatars and advertising
Next by Date: Re: [LUG] OT: legal (was: Avatars and advertising)
Previous by thread: Re: [LUG] Certificate authorities was Re: Email encryption, was Re: www.dcglug.org.uk
Next by thread: Re: [LUG] Certificate authorities was Re: Email encryption, was Re: www.dcglug.org.uk
Index(es):
- Date
- Thread