On Sat, Dec 15, 2012 at 2:23 PM, ianG <[email protected]> wrote: > ... > > This is a common error made by many security providers in the PKI space. > Their security logic mistake is to assume that the self-signed signature is > to be compared with something signed by an 'authority', rather than an > unsigned competitor. Right. Opportunistic encryption in email systems does not make the system less secure when compared to plain text SMTP. When it passed through my desk, I approved it (though something felt uncomfortable).
Jeff > On 14/12/12 18:51 PM, Eugen Leitl wrote: >> >> ----- Forwarded message from Randy <[email protected]> ----- >> >> From: Randy <[email protected]> >> Date: Fri, 14 Dec 2012 09:47:03 -0600 >> To: NANOG list <[email protected]> >> Subject: Gmail and SSL >> User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; >> rv:17.0) Gecko/17.0 Thunderbird/17.0 >> >> I'm hoping to reach out to google's gmail engineers with this message, >> Today I noticed that for the past 3 days, email messages from my personal >> website's pop3 were not being received into my gmail inbox. Naturally, I >> figured that my pop3 service was down, but after some checking, every >> thing >> was working OK. I then checked gmail settings, and noticed some error. >> It explained that google is no longer accepting self signed ssl >> certificates. It claims that this change will "offer[s] a higher level of >> security to better protect your information". >> I don't believe that this change offers better security. In fact it is now >> unsecured - I am unable to use ssl with gmail, I have had to select the >> plain-text pop3 option. >> >> I don't have hundreds of dollars to get my ssl certificates signed, and to >> top it off, gmail never notified me of an error with fetching my mail. How >> many of email accounts trying to grab mail are failing now? I bet >> thousands, as a self signed certificate is a valid way of encrypting the >> traffic. >> >> Please google, remove this requirement. >> >> Source: >> >> http://support.google.com/mail/bin/answer.py?hl=en&answer=21291&ctx=gmail#strictSSL _______________________________________________ cryptography mailing list [email protected] http://lists.randombit.net/mailman/listinfo/cryptography
