On Tuesday, 21 April 2015 07:43:34 UTC+1, Marko V wrote:

> As Zack says, you're not trusting the certificate, you're wanting Google
> to.

No. No, I'm not. I'm wanting Google to attempt to log in to another server on my behalf, using my password, on the condition that the server it's logging into can demonstrate it holds the private key corresponding to a particular public key. That doesn't put Google in the position of having to trust anybody at all; the risk is that my password will be divulged to a third party, which won't happen unless somebody gets the private key, but Google doesn't stand to lose in any circumstance.

> As he also rightly mentions, it is about the third party verification.
> There is no valid reason to trust any self-signed certificate.

No. If you know that it was generated by the person who is trying to authenticate themselves (or their server) to you, then you can trust

> Somebody performing a man-in-the-middle attack can just as easily generate
> one and Google's system would be none the wiser.

No. No, no. Go back to my post, because you either didn't understand it or just plain didn't read it. I did not ask for a "blindly accept all self-signed certificates" button. I asked for the ability to approve a *particular* certificate. That is how almost all other email clients (and browsers) handle self-signed certificates; they let you see the certificate (or its fingerprint) and decide whether to add it to a list of certificates to be accepted. Generate as many of your own certificates as you want, but good luck generating one with the same SHA-2 as mine...

Can we now talk about solutions that will let me read my email, rather than me having to explain basic security theory to people who assume I'm an idiot?
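The per-certificate approval described in the message above, as an added Python example that is not part of the original post: a client accepts a connection only when the SHA-256 fingerprint of the presented certificate equals the one the user approved. The function names are hypothetical and the two sample byte strings are constructed stand-ins for DER certificate data.

```python
import hashlib
import hmac
import socket
import ssl


class PinMismatch(Exception):
    """The server presented a certificate other than the approved one."""


def parse_fingerprint(text):
    """Accept 'AB:CD:...' or plain hex; return the 32 raw SHA-256 bytes."""
    raw = bytes.fromhex(text.replace(":", "").replace(" ", ""))
    if len(raw) != hashlib.sha256().digest_size:
        raise ValueError("expected a SHA-256 fingerprint (64 hex digits)")
    return raw


def format_fingerprint(der_cert):
    """Fingerprint as shown to the user for approval: colon-separated hex."""
    digest = hashlib.sha256(der_cert).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def fingerprint_matches(der_cert, approved):
    """Constant-time comparison of the presented certificate against the pin."""
    return hmac.compare_digest(hashlib.sha256(der_cert).digest(),
                               parse_fingerprint(approved))


def open_pinned(host, port, approved):
    """Return a TLS socket only if the peer's certificate is the approved one.

    CA and hostname checks are off, so the pin is the only trust decision.
    The completed handshake shows the peer holds the certificate's private key.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    raw = socket.create_connection((host, port), timeout=10)
    tls = ctx.wrap_socket(raw, server_hostname=host)
    der = tls.getpeercert(binary_form=True)
    if not der or not fingerprint_matches(der, approved):
        tls.close()
        raise PinMismatch(f"{host}:{port} presented an unapproved certificate")
    return tls  # credentials are sent only after this point


# Constructed stand-ins for DER certificate bytes (not real certificates).
APPROVED_CERT = b"constructed-der-bytes: my self-signed mail server"
OTHER_CERT = b"constructed-der-bytes: certificate generated by someone else"
```

The pin has to be recorded over a channel the user already trusts, for example by reading the fingerprint on the server itself; approving whatever certificate the first connection happens to present gives no protection against an interceptor already in the path.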
