Gmail and SSL

William Herrin bill at herrin.us
Wed Jan 2 18:08:50 UTC 2013


On Sun, Dec 30, 2012 at 10:46 PM, John Levine <johnl at iecc.com> wrote:
> So the only assurance a signed cert provides is that the person who
> got the cert has some authority over a name that points to the mail
> client

What other assurance are you looking for?

The only point of a signed server certificate, the ONLY point, is to
prevent a man-in-the-middle attack where someone who doesn't control
the name decrypts the traffic from the server, reads it, and then
re-encrypts it with his own self-signed key before sending it to you.
If the signature accomplishes that goal, it has done 100% of what it's
designed to do.

In theory a signature can mean anything the signing authority defines
it to mean. In practice, that also requires special handling from the
users... behavior web browser users don't engage in.

As for Google (and anyone else) it escapes me why you would require a
signed certificate for any connection that you're willing to also
permit completely unencrypted. Encryption stops nearly every purely
passive packet capture attack, with or without a signed certificate.
Even without a signed cert an encrypted data flow is much more secure
than an unencrypted one. It's not an all-or-nothing deal. Encrypted
with a signed or otherwise verified cert is more secure than merely
encrypted which is more secure than unencrypted on a switched path
which is more secure than unencrypted on a hub. None of these things
is wholly insecure and none are 100% secure.

Regards,
Bill Herrin


-- 
William D. Herrin ................ herrin at dirtside.com  bill at herrin.us
3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
Falls Church, VA 22042-3004



More information about the NANOG mailing list