Gmail and SSL

Christopher Morrow morrowc.lists at gmail.com
Wed Jan 2 18:39:40 UTC 2013


On Wed, Jan 2, 2013 at 1:08 PM, William Herrin <bill at herrin.us> wrote:
> As for Google (and anyone else) it escapes me why you would require a
> signed certificate for any connection that you're willing to also
> permit completely unencrypted. Encryption stops nearly every purely

raising the bar for observers is potentially a goal, no?
making it simple for people to get 'more secure' email isn't a bad
thing. (admittedly, requiring a signed cert now is more painful,
though startssl.com makes it less so).

> passive packet capture attack, with or without a signed certificate.
> Even without a signed cert an encrypted data flow is much more secure
> than an unencrypted one. It's not an all-or-nothing deal. Encrypted
> with a signed or otherwise verified cert is more secure than merely
> encrypted which is more secure than unencrypted on a switched path
> which is more secure than unencrypted on a hub. None of these things
> is wholly insecure and none are 100% secure.

boiling down the above you mean:
goodness-scale (goodness to the left)
  signed > self-signed > unsigned

I don't think there's much disagreement about that... the sticky
wicket though is 'how much better is 'signed' vs 'self-signed' ? and I
think the feeling is that:

'if we can verify that the cert is proper/signed, we have more
assurance that the end user meant for this cert to be presented. A
self-signed cert could be any intermediary between me/you... we have
no way to verify who is presenting the cert.'

-chris

(note the use of 'we' here is the 'royal we', I have no idea what the
real reason is, but the above makes some sense to me, at least.)



More information about the NANOG mailing list