[cryptography] Gmail and SSL

Andy Steingruebl andy at steingruebl.com
Sat Dec 15 15:23:23 EST 2012

I think what you really want is the ability within Google's interface to
specify how you'd like the certificate verified.  If the threat model they
are defending against is MiTM, then merely accepting the certificate
without prompting from you provides protection against passive
eavesdropping only, not active MiTM.  They've chosen to try and defend
against those who can tinker with packets, not just observe them.

You may disagree that this is the right threat to protect against (you
might be more worried about the NSA observing packets for example, rather
than tinkering with them) but given some of the more recent attacks against
Google (and Facebook's) customers they believe that active MiTM is actually
a real threat, and would rather not pretend to protect you from it when
they aren't, by using a self-signed certificate that they haven't verified
in any way, even by you presenting it.

The obvious solution is to either:

1. Not use TLS
2. Default to CA signed certificates
3. Support other protocols or means for you to identify what keys and/or
trust-anchors you trust.

Given that Google actually controls the client-code in this case, it might
actually a truly usable use-case for the newly minted CAA and TLSA (DANE)
specifications.  They can't be deployed most places (browsers) because of
last-mile DNS tinkering by all of the middleboxes on people's networks, but
that probably isn't the case where Google is connecting to your server,
using theirs.

Just a thought.

- Andy

On Fri, Dec 14, 2012 at 7:51 AM, Eugen Leitl <eugen at leitl.org> wrote:

> ----- Forwarded message from Randy <nanog at afxr.net> -----
> From: Randy <nanog at afxr.net>
> Date: Fri, 14 Dec 2012 09:47:03 -0600
> To: NANOG list <nanog at nanog.org>
> Subject: Gmail and SSL
> User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64;
>         rv:17.0) Gecko/17.0 Thunderbird/17.0
> I'm hoping to reach out to google's gmail engineers with this message,
> Today I noticed that for the past 3 days, email messages from my personal
> website's pop3 were not being received into my gmail inbox. Naturally, I
> figured that my pop3 service was down, but after some checking, every thing
> was working OK. I then checked gmail settings, and noticed some error.
> It explained that google is no longer accepting self signed ssl
> certificates. It claims that this change will "offer[s] a higher level of
> security to better protect your information".
> I don't believe that this change offers better security. In fact it is now
> unsecured - I am unable to use ssl with gmail, I have had to select the
> plain-text pop3 option.
> I don't have hundreds of dollars to get my ssl certificates signed, and to
> top it off, gmail never notified me of an error with fetching my mail. How
> many of email accounts trying to grab mail are failing now? I bet
> thousands, as a self signed certificate is a valid way of encrypting the
> traffic.
> Please google, remove this requirement.
> Source:
> http://support.google.com/mail/bin/answer.py?hl=en&answer=21291&ctx=gmail#strictSSL
> ----- End forwarded message -----
> --
> Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
> ______________________________________________________________
> ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
> 8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE
> _______________________________________________
> cryptography mailing list
> cryptography at randombit.net
> http://lists.randombit.net/mailman/listinfo/cryptography
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.randombit.net/pipermail/cryptography/attachments/20121215/6ef1e510/attachment.html>

More information about the cryptography mailing list