Gmail and SSL

Randy nanog at afxr.net
Fri Dec 14 15:47:03 UTC 2012


I'm hoping to reach out to google's gmail engineers with this message,
Today I noticed that for the past 3 days, email messages from my 
personal website's pop3 were not being received into my gmail inbox. 
Naturally, I figured that my pop3 service was down, but after some 
checking, every thing was working OK. I then checked gmail settings, and 
noticed some error.
It explained that google is no longer accepting self signed ssl 
certificates. It claims that this change will "offer[s] a higher level 
of security to better protect your information".
I don't believe that this change offers better security. In fact it is 
now unsecured - I am unable to use ssl with gmail, I have had to select 
the plain-text pop3 option.

I don't have hundreds of dollars to get my ssl certificates signed, and 
to top it off, gmail never notified me of an error with fetching my 
mail. How many of email accounts trying to grab mail are failing now? I 
bet thousands, as a self signed certificate is a valid way of encrypting 
the traffic.

Please google, remove this requirement.

Source: 
http://support.google.com/mail/bin/answer.py?hl=en&answer=21291&ctx=gmail#strictSSL



More information about the NANOG mailing list