[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]
On 29/04/13 21:31, Martijn Grooten wrote: > On Mon, Apr 29, 2013 at 3:15 PM, Brad Rogers wrote: >> Google really screw themselves with SSL certs, rolling them out over >> time across their mail servers so you get warnings(1) about certificate >> validity. I don't trust them to do anything else right, either. >> >> (1) Depends on your MUA and how you set it up. Several seem to accept, >> by default, anything google throws at them, which is a worry. > > I hadn't heard of this before. It'd surprise me, Google tends to be > pretty good when it comes to certificates. I'd heard that a couple of big players don't always have consistent certificates across their infrastructure. It was noted by the certificate notaries, as a case they need to handle. But inconsistent is not wrong by SSL standards. In the normal SSL case, all that matters is the certificate is correctly issued, and not revoked. I've not seen Google serving expired or otherwise invalid certificates, and reports of such are few and far between since 2010. If Brad has details... But then I don't use it for email currently, and I don't mandate SSL works correctly for my email (unlike Google - who recently have). Curiously I'm planning to move email to Google precisely because they do a better job on this sort of thing than I do. Clearly people who understand security at the helm and with time to track down when the Chinese government (allegedly) try and break into Gmail accounts and the like, which lets face it someone motivated and able is probably trying to crack someone elses gmail account several times a minute. -- The Mailing List for the Devon & Cornwall LUG http://mailman.dclug.org.uk/listinfo/list FAQ: http://www.dcglug.org.uk/listfaq