To: gentoo-dev@lists.gentoo.org
From: Duncan <1i5t5.duncan@cox.net>
Subject: [gentoo-dev] Re: OCSP Was: friendly reminder wrt net virtual in init scripts
Date: Thu, 7 Nov 2013 10:14:18 +0000 (UTC)

Thomas D. posted on Thu, 07 Nov 2013 02:00:29 +0100 as excerpted:

> Duncan wrote:
>> Meanwhile, another question for Thomas. Is this "certificate stapling"
>> the same thing google chrome is now doing for the google site, that
>> enabled it to detect the (I think it was) Iranian and/or Chinese CA
>> tampering, allowing them to say a "google" cert was valid that was
>> actually their MitM cert, as appeared in the tech-news a few months
>> ago? Or was that something different?
>
> No, OCSP Stapling is something else.
>
> Guess you are talking about HSTS and "SSL pinning" [1,2]: In Google
> Chrome, they hard coded some certificates/certificate meta data [3]
> which must be present in every certificate used for any Google site.

That was it, yes. Thanks greatly for clearing up my confusion. =:^)

--
Duncan - List replies preferred. No HTML msgs.
"Every nonfree program has a lord, a master --
and if you use the program, he is your master." Richard Stallman