Search Mailing List Archives
[liberationtech] Gmail and SSL
eugen at leitl.org
Thu Jan 3 06:24:07 PST 2013
----- Forwarded message from Maxim Khitrov <max at mxcrypt.com> -----
From: Maxim Khitrov <max at mxcrypt.com>
Date: Thu, 3 Jan 2013 09:01:09 -0500
To: Damian Menscher <damian at google.com>
Cc: nanog at nanog.org
Subject: Re: Gmail and SSL
On Thu, Jan 3, 2013 at 12:14 AM, Damian Menscher <damian at google.com> wrote:
> Back on topic: encryption without knowing who you're talking to is worse
> than useless (hence no self-signed certs which provide a false sense of
> security), and there are usability difficulties with exposing strong
> security to the average user (asking users to generate and upload a
> self-signed cert would be a customer-support disaster, not to mention all
> the outages that would occur when those certs expired). Real-world
> security is all about finding a reasonable balance and adapting to the
> current threats.
The most recent change to POP3 mail retrieval over SSL is not a
reasonable balance. My organization uses Google Apps for mail hosting,
but a number of users also have us.army.mil accounts. They used to
pull mail from their .mil account into Google Apps via POP3. Army
servers do not allow unencrypted connections and their root
certificates are not part of the Mozilla Root CA list (and, as you can
guess, I have no control over their servers).
Google didn't just block the use of self-signed certs; you broke
communication with all servers using perfectly legitimate PKIs that
are not part of the Mozilla Root CA list. Thus, instead of
"self-signed certs = false sense of security," your argument is really
"not on some arbitrary root CA list = false sense of security," which
is absolute nonsense.
I talked to Google Apps support a few weeks ago, sent them a link to
this discussion, but all they could do is file a feature request.
IMHO, this change should never have been allowed to go into production
until there is an interface for uploading our own root certificates.
Of course, any root (i.e. self-signed) certificate can be used by the
POP3 server directly, so this would also solve the problem for people
trying to use self-signed certs not part of any PKI.
Finally, "asking users to generate and upload a self-signed cert would
be a customer-support disaster," so you just block their access
completely? Anyone who doesn't know how to generate and upload a
certificate would probably avoid encryption altogether, don't you
think? And as for "outages that would occur when those certs expired,"
what do you think people in my organization are dealing with right
now? Only an expired cert can be renewed or replaced, whereas our
access has been blocked and there is nothing we can do about it.
----- End forwarded message -----
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
More information about the liberationtech