The presence of a self-signed signature cannot possibly be less secure than the non-presence of any signature. If they are rejecting self-signed sigs, then they must also logically reject unsigned provision.

This is a common error made by many security providers in the PKI space. Their security logic mistake is to assume that the self-signed signature is to be compared with something signed by an 'authority', rather than an unsigned competitor.

It is one of those enduring flaws that indicate that security isn't the objective with such systems.

iang



On 14/12/12 18:51 PM, Eugen Leitl wrote:
----- Forwarded message from Randy <na...@afxr.net> -----

From: Randy <na...@afxr.net>
Date: Fri, 14 Dec 2012 09:47:03 -0600
To: NANOG list <na...@nanog.org>
Subject: Gmail and SSL
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64;
        rv:17.0) Gecko/17.0 Thunderbird/17.0

I'm hoping to reach out to google's gmail engineers with this message.
Today I noticed that for the past 3 days, email messages from my personal
website's pop3 were not being received into my gmail inbox. Naturally, I
figured that my pop3 service was down, but after some checking, everything
was working OK. I then checked gmail settings, and noticed some error.
It explained that google is no longer accepting self signed ssl
certificates. It claims that this change will "offer[s] a higher level of
security to better protect your information".
I don't believe that this change offers better security. In fact it is now
unsecured - I am unable to use ssl with gmail, I have had to select the
plain-text pop3 option.

I don't have hundreds of dollars to get my ssl certificates signed, and to
top it off, gmail never notified me of an error with fetching my mail. How
many email accounts trying to grab mail are failing now? I bet
thousands, as a self signed certificate is a valid way of encrypting the
traffic.

Please google, remove this requirement.

Source:
http://support.google.com/mail/bin/answer.py?hl=en&answer=21291&ctx=gmail#strictSSL

----- End forwarded message -----


_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
