From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from tuna.sandelman.ca (tuna.sandelman.ca [IPv6:2607:f0b0:f:3:216:3eff:fe7c:d1f3]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by lists.bufferbloat.net (Postfix) with ESMTPS id AC7823B2A4 for ; Mon, 15 Nov 2021 17:36:12 -0500 (EST) Received: from localhost (localhost [127.0.0.1]) by tuna.sandelman.ca (Postfix) with ESMTP id BE43B18027; Mon, 15 Nov 2021 17:38:29 -0500 (EST) Received: from tuna.sandelman.ca ([127.0.0.1]) by localhost (localhost [127.0.0.1]) (amavisd-new, port 10024) with LMTP id A9c-21v8MQxM; Mon, 15 Nov 2021 17:38:26 -0500 (EST) Received: from sandelman.ca (obiwan.sandelman.ca [209.87.249.21]) by tuna.sandelman.ca (Postfix) with ESMTP id 1FE8D18011; Mon, 15 Nov 2021 17:38:26 -0500 (EST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=sandelman.ca; s=mail; t=1637015906; bh=esXlep3lU/X1132qF4+r+3kBvL9Fqf1ldOlWK4AbWo4=; h=From:To:Subject:In-Reply-To:References:Date:From; b=4/ZycbSz+CqR6ulOYa2wBAu4QFExWV7wI7xn0AzBO+rg0GrjAn3xjF4WLJCOlRr+j Ve822Ooqei1CkonS8GVspzermVIIVjc6uzln+NQntWtiHbukXMyEmNr20QXDy4Ifi8 bxwdKOciPp2EMli0tVU4cRcIdOtuQLbJRHwpTF5ZkBeOp3GsHPLPi8b4OziEYY7OFh Bjtz5cajxFM99xCsIanQcxBY5RLN9m92YCEOGO2SYK7jd8fXZW8zW46dS228S/Aa+v 6DybOKFSNzMhptVYVWJ4rTqdAgh6yRHksgQQiIciUYBekZ1cPAmjauy2ZP0QaPecGE YhH+yjXODI5Uw== Received: from localhost (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id D4FE1536; Mon, 15 Nov 2021 17:36:06 -0500 (EST) From: Michael Richardson To: "David P. Reed" , "Livingood\, Jason" , "starlink\@lists.bufferbloat.net" In-Reply-To: <1637001937.876717373@apps.rackspace.com> References: <1636655426.376728690@apps.rackspace.com> <523DB564-9E11-4845-8072-003D9E1863AC@cable.comcast.com> <1637001937.876717373@apps.rackspace.com> X-Mailer: MH-E 8.6+git; nmh 1.7+dev; GNU Emacs 26.1 X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m Subject: Re: [Starlink] something of a step backwards X-BeenThere: starlink@lists.bufferbloat.net X-Mailman-Version: 2.1.20 Precedence: list List-Id: "Starlink has bufferbloat. Bad." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 15 Nov 2021 22:36:12 -0000 --=-=-= Content-Type: text/plain David P. Reed wrote: > The mechanism for MITM'ing HTTPS connections is well known. I don't > intend to detail it here, but it is based on the fact that certs aren't > properly validated by client-end software and server-end software. No, this is just not the case. While there are occasionally issues that affect some strange corner case, there are no issues in browsers available on any platforms I know of. It can only be done in Enterprise cases where the Enterprise uses a management system to push new anchors. That part is "well-known". As for blaming protocols when the fault is bufferbloat, you are definitely right on. --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEzBAEBCgAdFiEEbsyLEzg/qUTA43uogItw+93Q3WUFAmGS4NYACgkQgItw+93Q 3WXAUAgAsM8hKjKxd8tq3jDmLqVM6jwYhaqXxM5UQdP2wBV/phDJOHEZ685mvZsN GpDVypeNMPyT4/NVRHQoXiMf52VP3azUmGjmqYABxUB7l3oWAu97OwLKQbcrFPfK UU/2r5mV+iD1FLPQupD/MXd9egGeHxgGWAW81wD86k55Jqgw089N1xStBCYo5gDw NNfDf+VEPY0GoCMd1wzrHi4qy/B6E+gwUoRZxUHSdasWY2eAn55iDw3ECU5oBWsh KPnrM6efnTd4DlPYG2Z+pMsSvhLjd+ke8H9EH5J2DlNGXGXqkABvR/GBdSgG90eZ GbvGFDzlvHDDkqENUpdCRtGB0gKV2w== =RAE4 -----END PGP SIGNATURE----- --=-=-=--