Monthly Archives: December 2013

What Gets Commentators Excited

Posted on December 12, 2013 by Michael Froomkin

I write a fair amount about politics here. And about the law. But what issue has the power to keep commentators excited ten years after I first posted about it? Knee Defender.

The fringes of the public sphere indeed.

Posted in Discourse.net | Comments Off on What Gets Commentators Excited

UMiami’s Holiday Wishes

Posted on December 12, 2013 by Michael Froomkin

Online here if you don’t see it below.

Your university tuition dollar at work.

Stop here if that filled you with holiday cheer.

Continue on if you want some Grinch.
Continue reading

Posted in Law: Internet Law, U.Miami | Comments Off on UMiami’s Holiday Wishes

Hoovernomics Explains the Economy

Posted on December 12, 2013 by Michael Froomkin

This one chart tells you much of what you need to know about the fiscal side of the US economy: we’re dealing with a recession/depression Herbert Hoover style — by cutting government spending just when we would have needed a strong counter-cyclical push from government.

121213krugman1-blog480

What’s good about this chart, lifted from Krugman, is that it aggregates federal, state, and local spending; everyone’s cutting.

Something to consider as you look at the ugly budget deal coming out of Congress — the one that doesn’t extend unemployment benefits and, as far as I can tell, doesn’t fix the recent vicious cuts to food stamps either. (Please correct me if I’m wrong about that.)

Posted in Econ & Money | 6 Comments

Please Vote for Jotwell

Posted on December 12, 2013 by Michael Froomkin

2013VOTETHISBLAWG1Please vote for Jotwell in the ABA Journal’s ‘Blawg 100’ competition. [I’m leaving this at the top until the 20th – scroll down for new stuff]
Continue reading

Posted in Jotwell | 1 Comment

How to Tell if the Goverment is Lying About the NSA

Posted on December 10, 2013 by Michael Froomkin

Watch their lips. If they’re moving…

(Apologies if this auto-played; I had inconsistent results with different browsers. Embedding Daily Show links is harder than it should be.)

Posted in Surveillance | 1 Comment

SSL Certificate Trust Model Has Problems

Posted on December 9, 2013 by Michael Froomkin

French agency caught minting SSL certificates impersonating Google:

The secure sockets layer (SSL) credentials were digitally signed by a valid certificate authority, an imprimatur that caused most mainstream browsers to place an HTTPS in front of the addresses and display other logos certifying that the connection was the one authorized by Google. In fact, the certificates were unauthorized duplicates that were issued in violation of rules established by browser manufacturers and certificate authority services.

The certificates were issued by an intermediate certificate authority linked to the Agence nationale de la sécurité des systèmes d’information, the French cyberdefense agency better known as ANSSI. After Google brought the certificates to the attention of agency officials, the officials said the intermediate certificate was used in a commercial device on a private network to inspect encrypted traffic with the knowledge of end users, Google security engineer Adam Langley wrote in a blog post published over the weekend. Google updated its Chrome browser to reject all certificates signed by the intermediate authority and asked other browser makers to do the same. Firefox developer Mozilla and Microsoft, developer of Internet Explorer have followed suit. ANSSI later blamed the mistake on human error. It said it had no security consequences for the French administration or the general public, but the agency has revoked the certificate anyway.

An intermediate certificate authority is a crucial link in the “chain of trust” that’s key in connections protected by SSL and its successor protocol, known as transport layer security (TLS). Because intermediate certificates are signed by a root certificate embedded in the browser, they have the ability to mint an unlimited number of digital certificates for virtually any site. The individual certificates will be accepted by default by most browsers.

Maybe it’s time to dust off and update my article on digital signatures and digital certificates, The Essential Role of Trusted Third Parties in Electronic Commerce, 75 Ore. L. Rev. 49 (1996). I think this was the first article published in a US law review on the topic, and even though it’s held up well, there have been many developments in nearly 20 years. On the other hand, there are three new papers I need to finish first…

Posted in Law: Internet Law | Comments Off on SSL Certificate Trust Model Has Problems