NNSquad - Network Neutrality Squad
[ NNSquad ] Unfortunate move by Google: Rejecting self-signed certificates
Unfortunate move by Google: Rejecting self-signed certificates
Gmail Drops Support for Connecting To Pop3 Servers With Self-Signed Certs
http://j.mp/TWO2BY (Slashdot)
"In a move not communicated to its users before hand, Google's Gmail
servers were reconfigured to not connect to remote pop3 servers that
have self-signed certificates, leaving folks with unencrypted
connections, or no service when getting email from other services. Not
good for the small folks. One suggestion was to allow placing the
public keys on Google's side in the user configuration. That would be
a heck of a lot better than just dropping users into never never
land." Apparently, "valid" now means "paid someone Google approves to
sign the certificate." It's not like commercial CAs have the best
security track record either.
- - -
While this doesn't affect me directly, I am still quite disappointed
by this action. Not only should this change have been communicated
*in advance*, but it is unnecessary as well. Please see my blog
posting "Toward Pervasive Internet Encryption: Unshackling the
Self-Signed Certificate": http://bit.ly/diFxdm
--Lauren--
Lauren Weinstein (lauren@vortex.com): http://www.vortex.com/lauren
Co-Founder: People For Internet Responsibility: http://www.pfir.org/pfir-info
Founder:
- Network Neutrality Squad: http://www.nnsquad.org
- PRIVACY Forum: http://www.vortex.com/privacy-info
- Data Wisdom Explorers League: http://www.dwel.org
- Global Coalition for Transparent Internet Performance: http://www.gctip.org
Member: ACM Committee on Computers and Public Policy
Lauren's Blog: http://lauren.vortex.com
Google+: http://vortex.com/g+lauren / Twitter: http://vortex.com/t-lauren
Tel: +1 (818) 225-2800 / Skype: vortex.com
_______________________________________________
nnsquad mailing list
http://lists.nnsquad.org/mailman/listinfo/nnsquad