[cryptography] Gmail and SSL

James A. Donald jamesd at echeque.com
Mon Dec 17 20:18:20 EST 2012


On 2012-12-18 1:25 AM, CodesInChaos wrote:
> One could require the user to specify/confirm a certificate 
> fingerprint on gmail in such a case. That way you're MitM proof, even 
> with a self signed certificate.
>

Who is the real you?  Well, obviously the you that knows the gmail password.

Therefore, password should no be communicated in the clear.  Gmail 
should not care whether you have a validly signed certificate, but you 
should care whether gmail has a validly signed certificate, and that it 
has the usual signature.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.randombit.net/pipermail/cryptography/attachments/20121218/52648b6b/attachment.html>


More information about the cryptography mailing list