On Mon, Apr 20, 2015 at 12:30 AM, Andrew Kay <[email protected]> wrote:
> Oh please Zack, explain to me in detail why I should trust a key signed by > VeriSign more than I trust a key generated and signed by, for example, me. > Perhaps I should let VeriSign choose my passwords for me, too, I'm sure > that would be much more secure. As Zack says, you're not trusting the certificate, you're wanting Google to. As he also rightly mentions, it is about the third party verification. There is no valid reason to trust any self-signed certificate. Somebody performing a man-in-the-middle attack can just as easily generate one and Google's system would be none the wiser. -- Marko -- You received this message because you are subscribed to the Google Groups "Gmail-Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/gmail-users. For more options, visit https://groups.google.com/d/optout.
