Gmail and SSL

Jimmy Hess mysidia at gmail.com
Sun Dec 30 05:08:41 UTC 2012


On 12/14/12, Randy <nanog at afxr.net> wrote:
[snip]
> It explained that google is no longer accepting self signed ssl
> certificates. It claims that this change will "offer[s] a higher level  of security to better protect your information".

Hm...  Self-signed certificates, or   (worse) the use of hostnames not
on the certificate, are very common with POP/SMTP/IMAP over SSL/TLS
servers;  when setting up POP software, it is common that the user of
an e-mail service will have instructions to check and install the
certificate in the e-mail client,     instead of requiring a unique IP
address for every POP server mail domain, and a user purchased SSL
certificate for each IP.

The "major CAs" are not an authoritative list of  CAs that may be used
to sign POP, IMAP, or SMTP server certificates for various POP
servers'  on the internet;   so Google's choices would seem poorly
conceived in that regard.

If Google should wish to enforce a validation of SSL certificates, the
PKI authority required, should be specified by the user,  not Google,
or there should be a provision to accept any certificate  whatsoever,
 by fingerprint,  for a specific hostname;   defined by the user.

Google should go back to definitions.
   What is security:  security is the assurance that  the
Confidentiality, Integrity, and  Availability of data and systems are
protected.

How does this change apparently impact the assurances against risk?

    Availability:         This change breaks availability, for users accessing
     servers already using self-signed certificates.

     (In other words, the change itself is a compromise of security;
      the risk that you lose availability of access to your mail that you expect
      to be downloaded via POP3 is 100%,  if you have a self-signed
cert in place)

   Confidentiality:   The change prevents any transfer of data at all,
unless the
   user of a self-signed certificate makes one of three changes:

            (1)    Stop using gmail POP download altogether, in this
case, confidentiality
            assurance may be improved,  because no email can be downloaded
            and used with the service.    In general,   this may not
be much of an improvement,
            when email has already been transmitted in cleartext,
before it was placed
            on the remote POP server.
            (That might be their intended result --  discourage use of
POP downloads)


            (2)    Stop using SSL, and use regular POP3 instead.  In this case,
            confidentiality will be no better than before, and may be
significantly worse.
            A new risk of   breach by 'passive sniffing'  is created.

            When using SSL with a self-signed certificate;  passive
sniffing, or
            Deep packet inspection was not a risk:  an active attack
was a requirement.

            Therefore,  being forced to "never use SSL", even without
a CA signed cert,
            is not an improvement,  and a potential increase in risk.

            (3)   Users may  buy an official certificate, from a 3rd
party CA that Google trusts.
            In this case, the  SSL encrypted POP3  connections from Google to
            the POP server,  will have strong protection against
possible exposure of
            data in transit due to active Man-in-the-middle attack.


* In other words:  If you deem  Man-in-the-Middle attack more likely
than Passive sniffing exposure attacks  to discover users'  passwords,
and the majority of users'  POP servers likely to have or get
certificates from a CA that Google trusts,    then  forced  rejection
of  any other certificates may be an improvement in assurance against
these risks;      forcing the remaining users to not use SSL,  and
risk their password being exposed  is OK,   because you deemed  MITM
the greater risk.

If you do not make that assumption,  then it is not clear at all,
whether assurance of confidentiality has been improved or not;   it
may be improved slightly for some users, and terribly harmed for
many others.


    Integrity:   The change prevents any transfer of data at all, unless the
         user of a self-signed certificate makes one of three changes:

            (1)    Stop using POP download altogether, in this case, data
             cannot be altered by an unauthorized user as it transits
the network,
             data that wasn't downloaded couldn't have been tampered with.

            (2)    Stop using SSL, and use regular POP3 instead.
              In this case, a new risk of  "transparent inline
tampering" is created,
              without encryption, a full blown MITM attack is not required,
              a passive interceptor can flip random bits, as long as
they update the
              corresponding IP checksums;
              so there are new significant risks to integrity.

            (3)   Users may  buy an official certificate;  in this
case, the risk
               of  interception by inline Man-in-the-middle attack  is reduced.



> I don't believe that this change offers better security. In fact it is
> now unsecured - I am unable to use ssl with gmail, I have had to select
> the plain-text pop3 option.

> I don't have hundreds of dollars to get my ssl certificates signed, and
> to top it off, gmail never notified me of an error with fetching my


--
-JH




More information about the NANOG mailing list