On 8/6/11 11:08 AM, Joe Provo wrote:
Belief has nothing to do with it. The article is vaguely referring to 'search' and incorrectly jumps to https. Disappointing that nanog readers can't readhttp://www.paxfire.com/faqs.php and get a clue, instead all the mouth-flapping about MItM and https. While collectively encouraging more https is a*good* thing, it is utterly tangential and misses the meat of this matter.
Disappointing that certain nanog readers depend on information put out by the vendor to be 100% honest and forthcoming in what their product does. There's more to hijacking queries/dns/etc then just ISPs mucking with queries. MitM attacks, SSL hijacking, etc is all a valid concern, and completely within the realm of the discussion here and this topic. As pointed out, there are ISPs and whole countries who have no qualms with doing this type of thing. Further, who cares if the company says their product isn't made or won't do what it may be doing? We all know full well that people use products in ways they aren't meant or intended to be used. When companies realize that they can't just transparently muck with traffic anymore because 90% of customer traffic is encrypted, do you really think, in all honesty, that companies won't find a way to regain this revenue stream, even if it runs afoul of laws/ethics/etc? -- Brielle Bruns The Summit Open Source Development Group http://www.sosdg.org / http://www.ahbl.org