Boston Linux & UNIX was originally founded in 1994 as part of The Boston Computer Society. We meet on the third Wednesday of each month, online, via Jitsi Meet.

BLU Discuss list archive



[Discuss] comcast wifi question



> From: discuss-bounces+blu=nedharvey.com at blu.org [mailto:discuss-
> bounces+blu=nedharvey.com at blu.org] On Behalf Of Bill Ricker
> 
> On Tue, Nov 11, 2014 at 6:50 PM, Richard Pieri <richard.pieri at gmail.com>
> wrote:
> > Nutshell version: pinning is what SSH has been doing with host keys since
> > the get-go.
> 
> Yes, that.
> 
> ( Can't imagine why this wasn't done day 1 for HTTPS also unless they
> thought the initial set of CAs would have indefinite oligopoly. )

Maybe I missed your point - pinning is impractical for two reasons, which is really one reason: there's the initial trust issue, and a re-assertion of the initial trust issue every time the server changes their key. It is normal for a server to change their cert from time to time, and it is also normal for a client to browse to this site for the first time.

It is funny that Google, Apple, and Mozilla all have these crazy, ridiculous lists of CAs that they trust. And ironic that Microsoft is the only one who's reasonable.
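
Added example, not part of the original message or the list archive: a small trust-on-first-use pin store, modelled loosely on SSH's known_hosts behaviour, that replays the two situations discussed in this thread (a first visit and a later key change). The `PinStore` class, the host name and the key bytes are all constructed for illustration.

```python
import hashlib
from enum import Enum


class Verdict(Enum):
    FIRST_USE = "first use: nothing to compare against, key accepted on faith"
    MATCH = "match: same key as the one pinned earlier"
    MISMATCH = "mismatch: rotation or interception, the pin cannot tell which"


class PinStore:
    """Hypothetical in-memory analogue of an SSH known_hosts file."""

    def __init__(self):
        self._pins = {}  # host -> SHA-256 hex digest of the public key bytes

    @staticmethod
    def fingerprint(public_key: bytes) -> str:
        return hashlib.sha256(public_key).hexdigest()

    def check(self, host: str, public_key: bytes) -> Verdict:
        seen = self.fingerprint(public_key)
        pinned = self._pins.get(host)
        if pinned is None:
            self._pins[host] = seen  # initial trust: no prior evidence exists
            return Verdict.FIRST_USE
        if pinned == seen:
            return Verdict.MATCH
        return Verdict.MISMATCH  # pin is left unchanged until someone decides

    def repin(self, host: str, public_key: bytes) -> None:
        """Explicit decision, made out of band, to trust the new key."""
        self._pins[host] = self.fingerprint(public_key)


def replay(events, store=None):
    """Run (host, key) observations through a store and return the verdicts."""
    store = store if store is not None else PinStore()
    return [store.check(host, key) for host, key in events]


# Constructed sample data: not real keys.
OLD_KEY = b"constructed-server-key-A"
NEW_KEY = b"constructed-server-key-B"      # legitimate rotation
OTHER_KEY = b"constructed-unrelated-key"   # key presented by someone else
HOST = "www.example.org"
EVENTS = [(HOST, OLD_KEY), (HOST, OLD_KEY), (HOST, NEW_KEY), (HOST, OTHER_KEY)]

if __name__ == "__main__":
    for (host, _), verdict in zip(EVENTS, replay(EVENTS)):
        print(host, "->", verdict.value)
```

The legitimate rotation and the unrelated key produce the same verdict; only an out-of-band decision followed by `repin` resolves it.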



BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.




Boston Linux & Unix / webmaster@blu.org