[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Gmail and SSL

Subject: Gmail and SSL
From: kmedcalf at dessus.com (Keith Medcalf)
Date: Sun, 30 Dec 2012 15:27:35 -0700

While i will agree that the client being able to validate the certificate directly is the best place to be, I do not see any advantage of requiring purchased certificates over self-signed certificates. ?IMO it provides no realistic security benefit at all.

Then again I don't award points for?
certificate verification having anything to do with identity verification of the remote party.

In other words, if I didn't sign it then the certificate posseses no more validity than an ephemeral self-signed certificate.

Of course, others are free to delude ?themselves with additional "theatrics" and false assumtions if they want to do so.

Sent from Samsung Mobile

-------- Original message --------
From: Christopher Morrow <morrowc.lists at gmail.com> 
Date:  
To: kmedcalf <kmedcalf at dessus.com> 
Cc: mysidia at gmail.com,nanog at nanog.org 
Subject: Re: Gmail and SSL

Prev by Date: Gmail and SSL
Next by Date: Gmail and SSL
Previous by thread: Gmail and SSL
Next by thread: btw, the itu imploded
Index(es):
- Date
- Thread