[cryptography] Gmail and SSL

James A. Donald jamesd at echeque.com
Mon Dec 17 20:18:20 EST 2012

On 2012-12-18 1:25 AM, CodesInChaos wrote:
> One could require the user to specify/confirm a certificate 
> fingerprint on gmail in such a case. That way you're MitM proof, even 
> with a self signed certificate.

Who is the real you?  Well, obviously the you that knows the gmail password.

Therefore, password should no be communicated in the clear.  Gmail 
should not care whether you have a validly signed certificate, but you 
should care whether gmail has a validly signed certificate, and that it 
has the usual signature.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.randombit.net/pipermail/cryptography/attachments/20121218/52648b6b/attachment.html>

More information about the cryptography mailing list