[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Gmail and SSL
- Subject: Gmail and SSL
- From: kmedcalf at dessus.com (Keith Medcalf)
- Date: Tue, 01 Jan 2013 19:53:42 -0700
Non prime number store certificates are acceptd for SMTP (25) both to and from google.
Perhaps this is CYA to prevent compromised gmail accounts from giving credentials from hijacked accounts to unknown servers.
I have no idea how credentials for gmails pop pickup work but perhaps having hijacked a gmail account the hijacker can just change the target pop server address without needing to know the target crefentials. ?Changing to a malicious pop server would allow the credentials for that account to be compromised.
Of course if this were the case I should think fixing the underlying brokedness in the UI might be a good idea as well.
Sent from Samsung Mobile
-------- Original message --------
From: Scott Howard <scott at doc.net.au>
Date:
To: "John R. Levine" <johnl at iecc.com>
Cc: nanog at nanog.org
Subject: Re: Gmail and SSL