2016 Postmortem

Recursion

(56,582 posts)

167. You're mixing up DNS and certificates

Mon Jul 27, 2015, 10:02 PM

Jul 2015

(Or, you're probably not, but your comments could lead others to.)

The domain name was registered though a small ISP in NY. It was not registered by the government.

OK, still doesn't matter. The certificate was issued by the government CA. Government computers have that CA in their root store (and not much else). If it had been issued by Verisign or Thawte or whatever the government email servers wouldn't have talked to it.

And there's several million different entities with certificates. The fact that it's only 172 is actually pretty good.

But any one of them can sign a certificate for a domain ending in .gov. We should probably do something about that. I know the USG computers have a very restricted set of accepted certificate authorities, for instance, but that won't work for general public use. Right now, their alleged probity is allegedly policed primarily just by Microsoft, Google, the Mozilla Foundation, and the Debian Foundation.

Google has an interesting idea to use a certificate-pinning peer-review system, kind of like what OpenSSH uses. That could be useful, though not foolproof, particularly for new domains.

Edit history

Please sign in to view edit histories.

Recommendations

0 members have recommended this reply (displayed in chronological order):

199 replies

= new reply since forum marked as read

Highlight:

So let me get this straight... [View all] MannyGoldstein Jul 2015 OP

K&R, and the Greatest Page for you. n/t CaliforniaPeggy Jul 2015 #1

This posting is lacking in fact and truth. ChiTownDenny Jul 2015 #82

And which specific facts and truths in the OP are substantially incorrect? MannyGoldstein Jul 2015 #91

It was not about her. lark Jul 2015 #97

That's not my understanding MannyGoldstein Jul 2015 #116

You know the article isn't true. lark Jul 2015 #120

And how do I know it isn't true? MannyGoldstein Jul 2015 #121

They had to go back and change it significantly. lark Jul 2015 #126

The NY Times is *absolutely* quoting government officials MannyGoldstein Jul 2015 #128

Government officials do not agree with your theory. lark Jul 2015 #148

I did not allege that. nt MannyGoldstein Jul 2015 #149

I read your "article". Did you read the Newseek article? ChiTownDenny Jul 2015 #101

The Newsweek article seems to misstate what's in the Times article. MannyGoldstein Jul 2015 #105

The Newsweek article is accurate. ChiTownDenny Jul 2015 #124

The Times specifically claims that both communities state the information was classified MannyGoldstein Jul 2015 #127

Gawd. ChiTownDenny Jul 2015 #129

The point is that if she wins the nomination, this will definitely be sabrina 1 Jul 2015 #147

So why do "Democrats" insist on giving lies, legs? n/t 1StrongBlackMan Jul 2015 #179

Good question, why do they? See your sigline, eg. Why do Dems insist sabrina 1 Jul 2015 #182

LOL. My sigline has nothing to do with Bernie and everything to do with his supporters ... 1StrongBlackMan Jul 2015 #184

The Times posted a "correction" ConservativeDemocrat Jul 2015 #137

If one really wants to know what is on the server, ask Russia and/or China. They know. eom Purveyor Jul 2015 #2

ask the NSA spqr78 Jul 2015 #26

Huh? It was the Government servers they broke into, not hers Recursion Jul 2015 #38

You really don't believe they didn't hack into hers also...? eom Purveyor Jul 2015 #52

I think smaller targets are usually harder Recursion Jul 2015 #53

As a network technician, with an emphasis on security RoccoR5955 Jul 2015 #57

So you really believe that no one would be interested in the SOS's private server. A Simple Game Jul 2015 #65

^^^this^^^ eom Purveyor Jul 2015 #89

And they know the domain and such of an ex-President? RoccoR5955 Jul 2015 #104

They probably got it from the email Hillary sent to their ambassador(s). A Simple Game Jul 2015 #108

If they had to have security checks done on them RoccoR5955 Jul 2015 #109

And you are telling me you don't think our SOS would send an email directly to A Simple Game Jul 2015 #113

There's lots of ways to find a server. RichVRichV Jul 2015 #119

You should know there are more than one kind of hacker out there. jeff47 Jul 2015 #92

Using default encryption keys is just plain stupid. RoccoR5955 Jul 2015 #106

So let's guess your point. Private servers are safer than government so she was actually rhett o rick Jul 2015 #58

She gets "special consideration" because it was legal at that point Recursion Jul 2015 #61

It was legal but it was also poor judgement. Why would anyone that knew they A Simple Game Jul 2015 #67

You say it was legal but you are not the last word. nm rhett o rick Jul 2015 #72

Nope. lark Jul 2015 #98

That's the worst rationalization ever. "They did it so why can't we?" The answer is, of course, rhett o rick Jul 2015 #142

I'm not sure what you can extrapolate from a sample of 40 emails out of the thousands she sent tularetom Jul 2015 #3

actually unless she is carnac she couldn't have known dsc Jul 2015 #6

It was not retroactively classified. MannyGoldstein Jul 2015 #12

She didn't wonder? She never asked? She just assumed all the secret squirrel stuff was secure? tularetom Jul 2015 #14

Not knowing has never been an excuse. She did know she was taking a big risk when she made rhett o rick Jul 2015 #143

Oh... I don't know. The AFT extrapolated Hillary's endorsement from what? 1,064 members? cherokeeprogressive Jul 2015 #27

actually that is a quite large sample dsc Jul 2015 #29

That was a pleasure to read Fairgo Jul 2015 #50

And completely unintelligible and/or ignored ... 1StrongBlackMan Jul 2015 #180

I can very easily believe she didn't know what was classified and what wasn't Recursion Jul 2015 #32

But that is the reason it is supposed to be on a secure server zeemike Jul 2015 #48

Where the server was is irrelevant to that Recursion Jul 2015 #49

It is relevant, due to who is to blame for a breach. jeff47 Jul 2015 #93

Well, no, State's IT people are not to blame if somebody emails classified Recursion Jul 2015 #146

The classified doesn't have to originate with her to be a breach. jeff47 Jul 2015 #96

The people who feel as you do are not "few." Maedhros Jul 2015 #4

And it's just plain unprofessional. KeepItReal Jul 2015 #8

It's a gift that will keep on giving for the Republicans Mnpaul Jul 2015 #23

Not just Republicans! zappaman Jul 2015 #24

Part of the primary process if to insure that our candidate can not be easily attacked awake Jul 2015 #153

actually no you pretty much have a whole bunch wrong dsc Jul 2015 #5

The State Department refused to turn over all of Clinton's emails for the review MannyGoldstein Jul 2015 #11

I could carefully chose 40 posts of yours dsc Jul 2015 #13

The Democrat running the State Department could turn everything over MannyGoldstein Jul 2015 #15

they are in the process of vetting them dsc Jul 2015 #19

Bush is corrupt and utterly detestable MannyGoldstein Jul 2015 #20

Government officials sending classified info from email servers in their garage? Cheese Sandwich Jul 2015 #7

That would be a problem whether she used State's servers or her own servers. Recursion Jul 2015 #37

So far I've been actively ignoring Hillary's email "scandal" 99th_Monkey Jul 2015 #9

I just watched an episode of The Good Wife last week(Season 4, Episode 19) Divernan Jul 2015 #10

Personally I think electronically transmitting classified info TexasProgresive Jul 2015 #16

As I understand it from watching Tweety interview the NYT reporter, GitRDun Jul 2015 #17

And this would not have been a problem MannyGoldstein Jul 2015 #18

How many phones do you expect her to carry? Ed Suspicious Jul 2015 #21

Absolutely! ananda Jul 2015 #22

No she is not. It's QUEEN Hillary. 840high Jul 2015 #40

LOL ananda Jul 2015 #115

You're supposed to go into a special room and use a special email address to read classified stuff Recursion Jul 2015 #36

the CONE OF SILENCE!!! Sancho Jul 2015 #74

Oh, please. I'm barely past the dumb phone stage, Ms. Toad Jul 2015 #78

Benghazi! zappaman Jul 2015 #25

Vince Foster! Travel Gate! Blah blah blah redstateblues Jul 2015 #28

Well She Is In Karl Rove's Circle billhicks76 Jul 2015 #45

Let's get this straight. The NYT has given a flawed report, has edited the report, Elijah Cummings Thinkingabout Jul 2015 #30

Why did you add "unsecure" there? Recursion Jul 2015 #31

Ccb standards? MannyGoldstein Jul 2015 #34

Configuration Control Board. The government regulations about computer systems. Recursion Jul 2015 #35

I'm familiar with the concept of a CCB MannyGoldstein Jul 2015 #41

The server was set up and approved by State dept. under Bill Clinton... JaneyVee Jul 2015 #42

Let's take these one at a time, OK? MannyGoldstein Jul 2015 #43

Those interested in the facts read posts 30 and 42. (eom) oasis Jul 2015 #117

Prepare to slam your head against your desk: it's Exchange Recursion Jul 2015 #44

Government certificates. Clinton's server used her own. (nt) jeff47 Jul 2015 #95

Why do you say she used her own certs? Recursion Jul 2015 #144

Because everyone who is not on a .gov does. jeff47 Jul 2015 #164

Two problems there Recursion Jul 2015 #165

Her server was clintonemail.com. That isn't a .gov. jeff47 Jul 2015 #166

You're mixing up DNS and certificates Recursion Jul 2015 #167

Nope. jeff47 Jul 2015 #169

No, that's not true Recursion Jul 2015 #170

No, it really does go and check. jeff47 Jul 2015 #171

But the USG server has the Chinese-signed certificate on it Recursion Jul 2015 #172

No, the USG server is using its own certificate jeff47 Jul 2015 #177

Which is Chinese-signed in our scenario Recursion Jul 2015 #185

Can does not mean did. jeff47 Jul 2015 #186

We don't know that Recursion Jul 2015 #187

Yes, actually we do. Because that's how all these protocols work. jeff47 Jul 2015 #188

You have no idea what A records the server had, though Recursion Jul 2015 #189

How deep a hole do you want to keep digging? jeff47 Jul 2015 #198

That's funny, I was asking you the same thing Recursion Jul 2015 #199

Because it was unsecure. jeff47 Jul 2015 #94

You can't put classified information on the main email servers either Recursion Jul 2015 #145

I haven't seen enough to know if this is a problem DemocraticWing Jul 2015 #33

Well, you know, the Repugs will try and make a big deal out of anything, they're so desperate. YOHABLO Jul 2015 #39

National Security: "Who gives a rats ass" Cosmic Kitten Jul 2015 #66

It was poor judgement, and poor judgement doesn't sabrina 1 Jul 2015 #70

+1 for that last sentence. Here, here! n/t Beartracks Jul 2015 #99

If I might suggest, and anyone who wants to can blast me for this, mikehiggins Jul 2015 #46

It's primary time dreamnightwind Jul 2015 #47

"It's primary time" Thank you. Scuba Jul 2015 #54

I agree LiberalLovinLug Jul 2015 #87

The question no one wants to answer, or even ASKED is... WAS HER SERVER HACKED? cherokeeprogressive Jul 2015 #51

We can pretty much guarantee "yes". jeff47 Jul 2015 #102

Best case scenario: Hillary was foolish and naive. Scuba Jul 2015 #55

You need to change fadedrose Jul 2015 #56

She has no chance to win the GE. Too many people don't trust her now, Zorra Jul 2015 #59

if she really cared about this country, restorefreedom Jul 2015 #63

. Dr Hobbitstein Jul 2015 #60

No. You got it crooked. Evergreen Emerald Jul 2015 #62

For the broad swath of zentrum Jul 2015 #64

Hillary claims China is hacking EVERYTHING, is she right? Cosmic Kitten Jul 2015 #68

No, you'll never have it straight. randome Jul 2015 #69

This is an unforced error by Hillary Cosmic Kitten Jul 2015 #71

For me the emails are a non-issue perdita9 Jul 2015 #73

Manny, Your concern about this is ironic, MineralMan Jul 2015 #75

Seems like a bit of a stretch, are you suggesting she gets a pass and Snowden shouldn't? marble falls Jul 2015 #76

The leaked State Department cables had nothing to do with Snowden. MineralMan Jul 2015 #77

If Clinton stole documents and fled the country, it would be exactly the same. randome Jul 2015 #79

Any port in a storm, it seems. MineralMan Jul 2015 #84

Truly, I think that people should play by the rules they agree to play by MannyGoldstein Jul 2015 #81

The State Department cables were not from Snowden. MineralMan Jul 2015 #83

I never celebrated the Wikileaks dump MannyGoldstein Jul 2015 #85

Actually, I think any intrepid DUer need only Google your username and "manning" msanthrope Jul 2015 #122

And did I celebrate the release of information? MannyGoldstein Jul 2015 #125

"Celebrate" is a rather subjective term manny. what would be more objective msanthrope Jul 2015 #157

LOL. So now you've gone from implying I celebrated it, MannyGoldstein Jul 2015 #159

Messy and regrettable as this thread has become, Manny, I implied nothing at all. msanthrope Jul 2015 #160

You were just helpfully reminding people about the search function MannyGoldstein Jul 2015 #163

Can I expect an apology for your incorrect claim MannyGoldstein Jul 2015 #112

Not unless you repudiate your hero worship of MineralMan Jul 2015 #136

Whooooosh! MannyGoldstein Jul 2015 #138

You're close. Go for three! MineralMan Jul 2015 #140

^^^^^ Thread should end right here ^^^^^ JoePhilly Jul 2015 #100

Because I totally refuted it later? MannyGoldstein Jul 2015 #107

She's a liar and cannot be trusted. morningfog Jul 2015 #80

I see this is the bitter thread. Metric System Jul 2015 #88

So this makes her a traitor to the United States? lunatica Jul 2015 #86

No but it's a pretty big hammer to defend against. Kablooie Jul 2015 #90

NYTIMES phoenixpcrod Jul 2015 #103

He knows this from his previous thread. He just can't get enough of bashing Democrats. randome Jul 2015 #111

Which is exactly what I wrote. nt MannyGoldstein Jul 2015 #114

I'm still waiting fadedrose Jul 2015 #110

You do remember wrong Progressive dog Jul 2015 #123

Not this filegate fadedrose Jul 2015 #133

Table not involved in above post fadedrose Jul 2015 #134

That filegate had to do with a lower level employee Progressive dog Jul 2015 #150

I read the whole article. fadedrose Jul 2015 #152

Whoever the Democratic nominee is Progressive dog Jul 2015 #156

Uh-Oh...... bvar22 Jul 2015 #118

This message was self-deleted by its author LiberalArkie Jul 2015 #130

During my intel years in the 60's, I saw things classified after release to the public. alfredo Jul 2015 #131

Whatever. Cheviteau Jul 2015 #132

No one is going to make you 840high Jul 2015 #135

Kick and R BeanMusical Jul 2015 #139

So are these "Judges" jimlup Jul 2015 #141

B-E-N-G-H-A-Z-I!!!! liberal N proud Jul 2015 #151

The OP said nothing about B-E-N-G-H-A-Z-I!!!! awake Jul 2015 #154

oh yeah... it's ANOTHER phony scandal... Adrahil Jul 2015 #155

Messy and Regrettable. ....is what the NY TIMES is now calling their reportage......nt msanthrope Jul 2015 #158

Yup, yet there is no self-delete or mea culpa from the OP. The source they used has issued one, but stevenleser Jul 2015 #175

You haven't deleted this and issued a mea culpa yet? nt stevenleser Jul 2015 #161

Tell me what, specifically, is incorrect MannyGoldstein Jul 2015 #162

You've claimed it was "unsecure" Recursion Jul 2015 #168

At the very least... for three months she didn't have an SSL cert MannyGoldstein Jul 2015 #173

So I take it that you have no factual disagreement with my post. nt MannyGoldstein Jul 2015 #174

Posted to for later. 1StrongBlackMan Jul 2015 #176

Well. It appears that the media ... 1StrongBlackMan Jul 2015 #178

Your enjoy this 'cast fake aspersions' game MannyGoldstein Jul 2015 #181

A line from Shakespeare comes to mind; but, the Southern saying ... 1StrongBlackMan Jul 2015 #183

But what doesn't seem to come to your mind? MannyGoldstein Jul 2015 #190

The article at my link ... You know, the article of the news outlet saying we screwed up ... 1StrongBlackMan Jul 2015 #191

IS this what you sugest "addresses" the facts? Cosmic Kitten Jul 2015 #192

Okay. n/t 1StrongBlackMan Jul 2015 #193

So it's a correct reading of the link? Cosmic Kitten Jul 2015 #194

When one pins the basis the defense of one's opinion ... 1StrongBlackMan Jul 2015 #195

When you say "screwed up", that's fairly broad language Cosmic Kitten Jul 2015 #196

Okay. n/t 1StrongBlackMan Jul 2015 #197