Gmail and SSL
kmedcalf at dessus.com
Wed Jan 2 02:53:42 UTC 2013
Non prime number store certificates are acceptd for SMTP (25) both to and from google.
Perhaps this is CYA to prevent compromised gmail accounts from giving credentials from hijacked accounts to unknown servers.
I have no idea how credentials for gmails pop pickup work but perhaps having hijacked a gmail account the hijacker can just change the target pop server address without needing to know the target crefentials. Changing to a malicious pop server would allow the credentials for that account to be compromised.
Of course if this were the case I should think fixing the underlying brokedness in the UI might be a good idea as well.
Sent from Samsung Mobile
-------- Original message --------
From: Scott Howard <scott at doc.net.au>
To: "John R. Levine" <johnl at iecc.com>
Cc: nanog at nanog.org
Subject: Re: Gmail and SSL
More information about the NANOG