[cryptography] Gmail and SSL

James A. Donald jamesd at echeque.com
Fri Dec 14 18:52:03 EST 2012


On 2012-12-15 1:51 AM, Eugen Leitl wrote:
> ----- Forwarded message from Randy <nanog at afxr.net> -----
>
> From: Randy <nanog at afxr.net>
> Date: Fri, 14 Dec 2012 09:47:03 -0600
> To: NANOG list <nanog at nanog.org>
> Subject: Gmail and SSL
> User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64;
> 	rv:17.0) Gecko/17.0 Thunderbird/17.0
>
> I'm hoping to reach out to google's gmail engineers with this message,
> Today I noticed that for the past 3 days, email messages from my personal
> website's pop3 were not being received into my gmail inbox. Naturally, I
> figured that my pop3 service was down, but after some checking, every thing
> was working OK. I then checked gmail settings, and noticed some error.
> It explained that google is no longer accepting self signed ssl
> certificates. It claims that this change will "offer[s] a higher level of
> security to better protect your information".
> I don't believe that this change offers better security. In fact it is now
> unsecured - I am unable to use ssl with gmail, I have had to select the
> plain-text pop3 option.

 From the point of view of the state, the big advantage of SSL 
certificates signed by an authority, is that there are plenty of 
authorities that will sign anything the state tells them to.

If, for example, your website is e-gold.com,  this leads to problems.

Google has a propensity to favor state friendly solutions - more 
particularly, solutions friendly to the US Government, but not the 
Chinese or Russian government.





More information about the cryptography mailing list