[Fed-Talk] Fed use of SSL Man-in-the-middle?
[Fed-Talk] Fed use of SSL Man-in-the-middle?
- Subject: [Fed-Talk] Fed use of SSL Man-in-the-middle?
- From: Niels Olson <email@hidden>
- Date: Thu, 05 May 2011 11:02:20 -0700
I have noticed the fingerprints on some of my certificates are
incorrect when accessed at my clinic. Digging deeper I also found some
certificates, including some from google, were being issued by a local
network domain.
Just curious, has anyone else seen this, manged these services, etc?
Any insight on the motives? Eg, I notice that gmail will load unless
using chromium, where thee browser detects the error and refuses to
load. What's the motivation to monitor personal email? assuming the
information is being archived, wouldn't the security of that archive
quickly become a bigger liability than the gains of monitoring?
Regards,
Niels Olson
--
Niels Olson
email@hidden
h/c: (410) 212-1281
http://nielsolson.us
This message may contain private information for persons named above. Please
don't share that information with anyone without a need to know. If you
received confidential information without a PGP wrapper, assume it was
compromised, delete it, tell the sender, and try to tell the victim. Please
don't send someone else's private information if you're not reasonably
certain the recipient has a need to know and that the message will be kept
private. Plain email is not private. In some cases, such as health
information protected under the US HIPAA law or information protected under
the US Privacy Act, plain email may be illegal. If you must relate a
person's identity to their private information in email, use Hushmail or
insist your recipients provide you their PGP public key. My public key is
here: http://nielsolson.us/contact.html.
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden