From: Chad Perrin
To: freebsd-questions@freebsd.org
Date: Fri, 9 Jan 2009 13:39:51 -0700
Subject: Re: Foiling MITM attacks on source and ports trees
Message-ID: <20090109203951.GB3007@kokopelli.hydra>

On Tue, Jan 06, 2009 at 09:08:56PM -0800, Walt Pawley wrote:
> At 12:31 PM -0700 1/6/09, Chad Perrin wrote:
>
> >On the other hand, I don't trust Verisign, either.
>
> What's to trust? If you pay them, you're "in."

Exactly. That's why I -- as the guy sitting in front of the *browser* --
don't trust Verisign to do my authentication and authorization thinking
for me. There's at minimum a potential for conflict of interest there, in
addition to the likelihood (now realized, in the form of leveraging MD5
to crack Verisign cert authenticity) of bureaucratic incompetence
producing disaster entirely by accident.

-- 
Chad Perrin [ content licensed OWL: http://owl.apotheon.org ]
Quoth James Madison: "If Tyranny and Oppression come to this land, it
will be in the guise of fighting a foreign enemy."