[cryptography] Gmail and SSL

Jeffrey Walton noloader at gmail.com
Sat Dec 15 15:57:37 EST 2012


On Sat, Dec 15, 2012 at 2:23 PM, ianG <iang at iang.org> wrote:
> ...
>
> This is a common error made by many security providers in the PKI space.
> Their security logic mistake is to assume that the self-signed signature is
> to be compared with something signed by an 'authority', rather than an
> unsigned competitor.
Right. Opportunistic encryption in email systems does not make the
system less secure when compared to plain text SMTP. When it passed
through my desk, I approved it (though something felt uncomfortable).

Jeff

> On 14/12/12 18:51 PM, Eugen Leitl wrote:
>>
>> ----- Forwarded message from Randy <nanog at afxr.net> -----
>>
>> From: Randy <nanog at afxr.net>
>> Date: Fri, 14 Dec 2012 09:47:03 -0600
>> To: NANOG list <nanog at nanog.org>
>> Subject: Gmail and SSL
>> User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64;
>>         rv:17.0) Gecko/17.0 Thunderbird/17.0
>>
>> I'm hoping to reach out to google's gmail engineers with this message.
>> Today I noticed that for the past 3 days, email messages from my personal
>> website's pop3 were not being received into my gmail inbox. Naturally, I
>> figured that my pop3 service was down, but after some checking, everything
>> was working OK. I then checked gmail settings, and noticed some error.
>> It explained that google is no longer accepting self signed ssl
>> certificates. It claims that this change will "offer[s] a higher level of
>> security to better protect your information".
>> I don't believe that this change offers better security. In fact it is now
>> unsecured - I am unable to use ssl with gmail, I have had to select the
>> plain-text pop3 option.
>>
>> I don't have hundreds of dollars to get my ssl certificates signed, and to
>> top it off, gmail never notified me of an error with fetching my mail. How
>> many email accounts trying to grab mail are failing now? I bet
>> thousands, as a self signed certificate is a valid way of encrypting the
>> traffic.
>>
>> Please google, remove this requirement.
>>
>> Source:
>>
>> http://support.google.com/mail/bin/answer.py?hl=en&answer=21291&ctx=gmail#strictSSL


