Re: Semantics of HTTPS

On 07.08.2012 13:12, Stephen Farrell wrote:
> On 08/07/2012 01:45 AM, Amos Jeffries wrote:
>>
>> Today those rights are just words on a piece of paper describing 
>> some
>> fantasy land that does not exist. Recalls marks assumption that he
>> *knew* CONNECT provided end-to-end security. Mark you live in .au 
>> still?
>> then your CONNECT is being decrypted. .cn, .sa, .in. .us, rq? same.
>
> I think evidence of that would be useful.
>
> Thanks,
> S.

That was a quick scan of my inbox from what appear to be national 
teleco types asking how to debug problems in their Squid ssl-bump MITMs 
over the last ~6 months. ssl-bump being a feature which is rather 
non-discriminative about what it decrypts. Along the lines of that raven 
list argument "why is it not wiretapping if only 92% of packets are 
captured?"

AYJ

Received on Tuesday, 7 August 2012 01:25:37 UTC