[Freedombox-discuss] :Configuration: Plug Server Test Publically Available

[Bjarni Rúnar Einarsson]

2011/11/6 Nick Daly <nick.m.daly at gmail.com>:
> No disrespect to either of the above governments intended, I was
> ironically referring to the fact that there's no way I can know who has
> what interest in faking which certificates.  After reading "Certified
> Lies" (and installing Cert Patrol [0]) I worry less about the majority
> of SSL MITM attacks and primarily about country-specific attacks.  I
> actually forgot SSL's issues were bigger than country-specific concerns,
> since I'm less vulnerable to those types of attacks.

Of course.  But the country-specific attacks are country specific not
because of where the cert comes from, but because of where the routers
are. :-)

In order to MITM you, the "bad guy" has to insert himself into your
communication path and provide a valid cert. There are a few ways to
do this (hack a router, DNS manipulation, etc.), but generally
speaking you are at greatest risk from the infrastructure near you, or
near the party you are communicating with.

PageKite runs servers in a few places (U.S., U.K. and Iceland), so if
you are in the U.S. there is a good chance that you are only using
U.S. infrastructure.  Whether this is comforting or not depends on
your threat model. :-)

-- 
Bjarni R. Einarsson
Founder, lead developer of PageKite.

Make localhost servers visible to the world: http://pagekite.net/