Gmail and SSL
morrowc.lists at gmail.com
Wed Jan 2 18:39:40 UTC 2013
On Wed, Jan 2, 2013 at 1:08 PM, William Herrin <bill at herrin.us> wrote:
> As for Google (and anyone else) it escapes me why you would require a
> signed certificate for any connection that you're willing to also
> permit completely unencrypted. Encryption stops nearly every purely

raising the bar for observers is potentially a goal, no?
making it simple for people to get 'more secure' email isn't a bad
thing. (admittedly, requiring a signed cert now is more painful,
though startssl.com makes it less so).

> passive packet capture attack, with or without a signed certificate.
> Even without a signed cert an encrypted data flow is much more secure
> than an unencrypted one. It's not an all-or-nothing deal. Encrypted
> with a signed or otherwise verified cert is more secure than merely
> encrypted which is more secure than unencrypted on a switched path
> which is more secure than unencrypted on a hub. None of these things
> is wholly insecure and none are 100% secure.

boiling down the above you mean:

goodness-scale (goodness to the left)
signed > self-signed > unsigned

I don't think there's much disagreement about that... the sticky
wicket though is 'how much better is 'signed' vs 'self-signed'?' and I
think the feeling is that:

'if we can verify that the cert is proper/signed, we have more
assurance that the end user meant for this cert to be presented. A
self-signed cert could be any intermediary between me/you... we have
no way to verify who is presenting the cert.'

(note the use of 'we' here is the 'royal we', I have no idea what the
real reason is, but the above makes some sense to me, at least.)