One could require the user to specify/confirm a certificate fingerprint on gmail in such a case. That way you're MitM proof, even with a self signed certificate.
_______________________________________________ cryptography mailing list [email protected] http://lists.randombit.net/mailman/listinfo/cryptography
