W3C home > Mailing lists > Public > www-tag@w3.org > March 2015

Re: Google warns of unauthorized TLS certificates trusted by almost all OSes

From: Marc Fawzi <marc.fawzi@gmail.com>
Date: Tue, 24 Mar 2015 16:56:19 -0700
Message-ID: <CACioZituT9C0HGzuzfO4yDpmjo6aBGO9mM1jVb2_FXX73Xsv=A@mail.gmail.com>
To: Daniel Appelquist <appelquist@gmail.com>
Cc: TAG List <www-tag@w3.org>
<<Defenders of the current system for acquiring and revoking TLS
certificates have recently chafed in response to statements from this author
<https://twitter.com/ivanristic/status/578536108662861824> that it's
*hopelessly
broken*. Besides remembering that almost all of these critics have a strong
financial interest in the way the system works now
>>

What prevents a state spy agency from MITM-ing your HTTPS connection? Why
don't you answer that?

And why would you refer to the comment I made as "alarmist" (in dismissive
tone, no less) given the situation is factually _alarming_?





On Tue, Mar 24, 2015 at 12:42 PM, Daniel Appelquist <appelquist@gmail.com>
wrote:

> Excuse me?
>
> Marc – can you please refrain from making alarmist, nonsensical
> flame-baiting comments like this on our mailing list? Probably this sort of
> thing would be more sensibly expressed on Twitter or similar?
>
> Thanks,
> Dan
>
> On 24 Mar 2015, at 16:47, Marc Fawzi <marc.fawzi@gmail.com> wrote:
>
> A classic "we told you so" moment for "HTTPS everywhere" promoters and now
> state surveillance is baked into HTTP2.0
>
> Sent from my iPhone
>
> On Mar 24, 2015, at 9:31 AM, Melvin Carvalho <melvincarvalho@gmail.com>
> wrote:
>
> FYI:
>
>
> http://arstechnica.com/security/2015/03/google-warns-of-unauthorized-tls-certificates-trusted-by-almost-all-oses/
>
>
>
>
Received on Tuesday, 24 March 2015 23:57:27 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 22:57:10 UTC