[prev in list] [next in list] [prev in thread] [next in thread]
List: cryptography-randombit
Subject: Re: [cryptography] Gogo inflight Internet uses fake SSL certs to MITM their users
From: Jon Callas <jon () callas ! org>
Date: 2015-01-08 23:57:08
Message-ID: 4193B78B-955D-48EA-8E4C-CB085EDCB1A3 () callas ! org
[Download RAW message or body]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
On Jan 8, 2015, at 3:37 PM, John Levine <johnl@iecc.com> wrote:
>
> Do the fake certs validate in web browsers?
No, they do not validate.
If you go (went) to a Youtube, Vimeo, etc. site, URL, embedded whatever, you'd get \
the expected browser cert failure error.
> If so, who's giving them fake
> *.google.com certs?
I apologize for being a smartass on this, especially since the premise of your \
conditional is false. But I just can't resist; please take this with the humor I \
offer it with:
https://www.google.com/search?q=how+do+I+use+openssl+to+generate+a+certificate
Jon
-----BEGIN PGP SIGNATURE-----
Version: PGP Universal 3.3.0 (Build 9060)
Charset: us-ascii
wsBVAwUBVK8ZcvD9H+HfsTZWAQhklQf+PFg6a0O6ap3ewKH4hLMz2vGaoDC3d+Ye
HN5LYlvjdQsHqYgizc9QFHdT0/y9ZdWcpS99heaUeYPaGsMxoEId+WfCMfpUj6UD
683KSegfPq+lGev3MHaX6t0Eq0j+VojFuBdRHQ3HyRrnuNgT8yxfs9jnpQS/2AKh
EBbuxS4hB5Ar8pwJdHTjgxjjqqLif0ouhL+GFsWUbAq6RsEIVowcoSNXqzgeRPkr
1b25hk2MlebkZssr7L6PGfNKr6cpDccUCjIdXBBMsG/C7ZLg5W0oqQCiirsOYOk6
Kt2gKL/cDDEezdcbSn9cFtklI35RLXJoM3Oty/iEVzXYuibaHcyqiQ==
=6PT0
-----END PGP SIGNATURE-----
_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic