nanog mailing list archives

Re: Gmail and SSL

From: "Keith Medcalf" <kmedcalf () dessus com>
Date: Tue, 01 Jan 2013 19:53:42 -0700

Non prime number store certificates are acceptd for SMTP (25) both to and from google.

Perhaps this is CYA to prevent compromised gmail accounts from giving credentials from hijacked accounts to unknown 
servers.

I have no idea how credentials for gmails pop pickup work but perhaps having hijacked a gmail account the hijacker can 
just change the target pop server address without needing to know the target crefentials.  Changing to a malicious pop 
server would allow the credentials for that account to be compromised.

Of course if this were the case I should think fixing the underlying brokedness in the UI might be a good idea as well.


Sent from Samsung Mobile

-------- Original message --------
From: Scott Howard <scott () doc net au> 
Date:  
To: "John R. Levine" <johnl () iecc com> 
Cc: nanog () nanog org 
Subject: Re: Gmail and SSL

Current thread:

Re: Gmail and SSL Christopher Morrow (Jan 01)
- <Possible follow-ups>
- Re: Gmail and SSL Keith Medcalf (Jan 01)
  - Re: Gmail and SSL Christopher Morrow (Jan 01)
  - Re: Gmail and SSL Matthew Palmer (Jan 01)
  - Re: Gmail and SSL Mike Jones (Jan 01)
  - Re: Gmail and SSL Jimmy Hess (Jan 02)
- Re: Gmail and SSL Scott Howard (Jan 01)
- Re: Gmail and SSL Keith Medcalf (Jan 01)
- Re: Gmail and SSL Valdis . Kletnieks (Jan 02)
  - Re: Gmail and SSL Steven Bellovin (Jan 02)
    - Re: Gmail and SSL Randy Bush (Jan 02)
    - Re: Gmail and SSL Steven Bellovin (Jan 02)
    - Re: Gmail and SSL Seth David Schoen (Jan 02)
    - Re: Gmail and SSL Steven Bellovin (Jan 02)
    - Re: Gmail and SSL Jimmy Hess (Jan 02)
- Re: Gmail and SSL William Herrin (Jan 02)
  - Re: Gmail and SSL Christopher Morrow (Jan 02)
    - Re: Gmail and SSL William Herrin (Jan 02)

(Thread continues...)