PaulDotCom mailing list archives

Can a sys admin see a gmail account

From: dagershman_dgt at dagertech.net (David A. Gershman)
Date: Mon, 14 Dec 2009 13:20:26 -0800 (PST)

My $.03:

I doubt anyone minds people trying to learn new things, so ask away.  As
for your question, again only from the network standpoint, a sys admin
should not be able to read the encrypted traffic.  There are a couple of
assumptions though:

  - You've configured Google mail to stay in SSL.
  - The SSL certs are valid *throughout* the login session (i.e. there
    was a vuln in SSL protocol recently.  Anyone want to take this
    point?)

Although, the forum answer is also correct.  As with any encryption, a
key is needed to decrypt.  So if the monitor/observer in the middle has
that key, then yes...they can decrypt and see the emails.

However, the key used to encrypt the SSL session is agreed upon by your
browser and the Google server "in a safe fashion" (i.e. using the certs
they encrypt the negotiation for the session key).  So the sys admin
should not be able to obtain the key in order to decrypt.

--David


Ok so my question was posted in a forum and someone gave me and answer but
didnt explain it and then the forum post was when closed on me.  So I will
ask here for clarity and try not to kill me for this, I am trying to

learn.


So if someone uses a corporate network to check a Gmail (using SSL).  If
they check to make sure that they have a secure connection -- once

connected

-- and then they check the certificate to see if the cert hierarchy

has been

tampered with.  Everything looks fine.  Are any admin or whomever able to
see you emails?  Forget about software on the computer you are using, only
through the network monitoring.

I was told in the forum that they could use a monitoring program like
wireshark to view them.  In the wireshark forum I read that you would need
the private key to decrypt the messages and in the forum they said that a
sys admin can get the private key?  Is that information correct?  and

if so

how would they be able to get the private key?


Thanks in advance


----------------------------------------
David A. Gershman
gershman at dagertech.net
http://dagertech.net/gershman/
"It's all about the path!" --d. gershman

Current thread:

Can a sys admin see a gmail account, (continued)
- - Can a sys admin see a gmail account David Auclair (Dec 15)
- Can a sys admin see a gmail account Abdul Qabiz (Dec 15)
  - Can a sys admin see a gmail account Michael Miller (Dec 15)
    - Can a sys admin see a gmail account Abdul Qabiz (Dec 15)
    - Can a sys admin see a gmail account bhoff at itworldclass.com (Dec 15)
    - Can a sys admin see a gmail account Joel Esler (Dec 15)
    - Can a sys admin see a gmail account Michael Douglas (Dec 16)
    - Can a sys admin see a gmail account Abdul Qabiz (Dec 16)
    - Can a sys admin see a gmail account d4ncingd4n at gmail.com (Dec 16)
    - Can a sys admin see a gmail account Butturini, Russell (Dec 16)
- Can a sys admin see a gmail account David A. Gershman (Dec 14)