Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] French Government doing SSL MITM

Maxim Kammerer mk at dee.su
Sun Dec 8 09:51:50 PST 2013


On Sun, Dec 8, 2013 at 6:14 PM, andrew cooke <andrew at acooke.org> wrote:
> Despite it being used on a private network, and with user consent, it is
> reportedly a violation of procedures.  Google classify it as a "serious
> breach".

First, it doesn't matter how Google classifies the violation, as it is
a private company that does not hold any definitive authority on the
matter, regardless of whatever spin they try to put on their blog
posts.

Now, it's possible that the French can't be trusted with properly
handling intermediate CAs, and that as a result ANSSI should be held
responsible and have its IGC/A root certificates [1–2] revoked from
browsers' trusted stores, but it doesn't mean that the incident is
some case of a government agency trying to covertly spy on citizens or
employees.

[1] https://bugzilla.mozilla.org/show_bug.cgi?id=477147
[2] https://bugzilla.mozilla.org/show_bug.cgi?id=693450

-- 
Maxim Kammerer
Liberté Linux: http://dee.su/liberte



More information about the liberationtech mailing list