[cryptography] Gmail and SSL

Jeffrey Walton noloader at gmail.com
Fri Dec 14 17:08:14 EST 2012


On Fri, Dec 14, 2012 at 10:51 AM, Eugen Leitl <eugen at leitl.org> wrote:
> ----- Forwarded message from Randy <nanog at afxr.net> -----
>
> From: Randy <nanog at afxr.net>
> Date: Fri, 14 Dec 2012 09:47:03 -0600
> To: NANOG list <nanog at nanog.org>
> Subject: Gmail and SSL
> User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64;
>         rv:17.0) Gecko/17.0 Thunderbird/17.0
>
> I'm hoping to reach out to google's gmail engineers with this message,
> Today I noticed that for the past 3 days, email messages from my personal
> website's pop3 were not being received into my gmail inbox. Naturally, I
> figured that my pop3 service was down, but after some checking, every thing
> was working OK. I then checked gmail settings, and noticed some error.
> It explained that google is no longer accepting self signed ssl
> certificates. It claims that this change will "offer[s] a higher level of
> security to better protect your information".
> I don't believe that this change offers better security. In fact it is now
> unsecured - I am unable to use ssl with gmail, I have had to select the
> plain-text pop3 option.
>
> I don't have hundreds of dollars to get my ssl certificates signed, and to
> top it off, gmail never notified me of an error with fetching my mail. How
> many of email accounts trying to grab mail are failing now? I bet
> thousands, as a self signed certificate is a valid way of encrypting the
> traffic.
>
> Please google, remove this requirement.
>
> Source:
> http://support.google.com/mail/bin/answer.py?hl=en&answer=21291&ctx=gmail#strictSSL
Ah, interesting. I first encountered this debate in New York over
opportunistic encryption in mail servers via STARTTLS (and the
security controls surrounding it).

Jeff



More information about the cryptography mailing list