Gmail and SSL

Christopher Morrow morrowc.lists at gmail.com
Tue Jan 1 16:18:38 UTC 2013


On Mon, Dec 31, 2012 at 9:07 AM, John R. Levine <johnl at iecc.com> wrote:
> Also keep in mind that this particular argument is about the certs used to
> submit mail to Gmail, which requires a separate SMTP AUTH within the SSL
> session before you can send any mail.  This isn't belt and suspenders, this
> is belt and a 1/16" inch piece of duct tape.

wait, no... this was gmail's pop crawlers gathering mail from remote
pop services wasn't it? (or that was my impression at least).

so this is, I think, an attempt by gmail/google to protect their users
from intermediaries presenting a certificate for 'floof' self-signed
instead of iecc.com ...

-chris




More information about the NANOG mailing list