nanog mailing list archives
Re: Gmail and SSL
From: "Keith Medcalf" <kmedcalf () dessus com>
Date: Tue, 01 Jan 2013 19:53:42 -0700
Non prime number store certificates are acceptd for SMTP (25) both to and from google. Perhaps this is CYA to prevent compromised gmail accounts from giving credentials from hijacked accounts to unknown servers. I have no idea how credentials for gmails pop pickup work but perhaps having hijacked a gmail account the hijacker can just change the target pop server address without needing to know the target crefentials. Changing to a malicious pop server would allow the credentials for that account to be compromised. Of course if this were the case I should think fixing the underlying brokedness in the UI might be a good idea as well. Sent from Samsung Mobile -------- Original message -------- From: Scott Howard <scott () doc net au> Date: To: "John R. Levine" <johnl () iecc com> Cc: nanog () nanog org Subject: Re: Gmail and SSL
Current thread:
- Re: Gmail and SSL Christopher Morrow (Jan 01)
- <Possible follow-ups>
- Re: Gmail and SSL Keith Medcalf (Jan 01)
- Re: Gmail and SSL Christopher Morrow (Jan 01)
- Re: Gmail and SSL Matthew Palmer (Jan 01)
- Re: Gmail and SSL Mike Jones (Jan 01)
- Re: Gmail and SSL Jimmy Hess (Jan 02)
- Re: Gmail and SSL Scott Howard (Jan 01)
- Re: Gmail and SSL Keith Medcalf (Jan 01)
- Re: Gmail and SSL Valdis . Kletnieks (Jan 02)
- Re: Gmail and SSL Steven Bellovin (Jan 02)
- Re: Gmail and SSL Randy Bush (Jan 02)
- Re: Gmail and SSL Steven Bellovin (Jan 02)
- Re: Gmail and SSL Seth David Schoen (Jan 02)
- Re: Gmail and SSL Steven Bellovin (Jan 02)
- Re: Gmail and SSL Jimmy Hess (Jan 02)
- Re: Gmail and SSL Steven Bellovin (Jan 02)
- Re: Gmail and SSL Christopher Morrow (Jan 02)
- Re: Gmail and SSL William Herrin (Jan 02)