On Fri, Dec 14, 2012 at 10:51 AM, Eugen Leitl <eu...@leitl.org> wrote: > ----- Forwarded message from Randy <na...@afxr.net> ----- > > From: Randy <na...@afxr.net> > Date: Fri, 14 Dec 2012 09:47:03 -0600 > To: NANOG list <na...@nanog.org> > Subject: Gmail and SSL > User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; > rv:17.0) Gecko/17.0 Thunderbird/17.0 > > I'm hoping to reach out to google's gmail engineers with this message, > Today I noticed that for the past 3 days, email messages from my personal > website's pop3 were not being received into my gmail inbox. Naturally, I > figured that my pop3 service was down, but after some checking, every thing > was working OK. I then checked gmail settings, and noticed some error. > It explained that google is no longer accepting self signed ssl > certificates. It claims that this change will "offer[s] a higher level of > security to better protect your information". > I don't believe that this change offers better security. In fact it is now > unsecured - I am unable to use ssl with gmail, I have had to select the > plain-text pop3 option. > > I don't have hundreds of dollars to get my ssl certificates signed, and to > top it off, gmail never notified me of an error with fetching my mail. How > many of email accounts trying to grab mail are failing now? I bet > thousands, as a self signed certificate is a valid way of encrypting the > traffic. > > Please google, remove this requirement. > > Source: > http://support.google.com/mail/bin/answer.py?hl=en&answer=21291&ctx=gmail#strictSSL Ah, interesting. I first encountered this debate in New York over opportunistic encryption in mail servers via STARTTLS (and the security controls surrounding it).
Jeff _______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography