gmail security is a joke

Blair Trosper blair.trosper at
Thu May 28 19:09:39 UTC 2015

Somewhat in the weeds here, but I still find it odd/curious that Google is
still using SHA-1 fingerprinted SSL certificates.

Weren't they making a big deal of pushing SHA-2 fingerprinted SSL certs a
while back?

On Wed, May 27, 2015 at 12:16 AM, Octavio Alvarez <octalnanog at>

> On 05/26/2015 08:44 AM, Owen DeLong wrote:
>> I think opt-out of password recovery choices on a line-item basis is
>> not a bad concept.
>> For example, I’d want to opt out of recovery with account creation
>> date. If anyone knows the date my gmail account was created, they
>> most certainly aren’t me.
>> OTOH, recovery by receiving a token at a previously registered
>> alternate email address seems relatively secure to me and I wouldn’t
>> want to opt out of that.
>> (( many more snipped ))
> I would definitely opt-out from any kind of "secret questions" that I
> couldn't type by myself.
> Many many sites still think this is a good idea.
> Best regards.

Blair Trosper p.g.a.
S2 Entertainment Partners
Desk:  469-333-8008
Cell:  512-619-8133
Agent/Rep:  WME (Los Angeles, CA) - 310-248-2000
PR/Manager:  BORG (Dallas, TX) - 844-THE-BORG

More information about the NANOG mailing list