
Gmail now refusing to fetch using self-signed certs - mleonhard
http://support.google.com/mail/bin/answer.py?hl=en&answer=21291&ctx=gmail#strictSSL
======
RyanZAG
People don't seem to understand how insecure self-signed certs are (and aren't
if provisions are taken).

1) A self-signed cert provides zero protection against just about any attack
that would work on clear text - any attacker can simply create their own self-
signed cert and pretend to be you, and Google would have previously accepted
this and happily accepted the incorrect mail. This is broken security in every
way, and it is better to use no security since at least nobody can believe it
is secure.

2) Self-signed certs are actually stronger than 'chain of trust' certs,
provided you can trade the public cert in advance. Google should have a box on
their POP fetch page where the public cert can be entered. This is more secure
and the correct way to handle the problem, rather than blocking self-signed
certs.

Self-signed certs are perfectly valid if the public cert is provided
beforehand. Self-signed certs with the public cert used unchecked from the
server is COMPLETELY BROKEN.

TLDR; Google needs to provide a box for the user to upload the mail servers
public certificate.

~~~
akirk
What about having your own (self-signed) CA? You sign your own certificates
and import that CA on your computer. Would this effectively prevent a man in
the middle attack?

~~~
RyanZAG
It will prevent it as long as the client has your CA's public certificate
embedded. Browsers/OS embed all of the normal CA's certs so that you know any
cert signed by a regular CA is authentic. However, regular CAs are not
incredibly trustworthy and are a security problem... (Regular CAs can be
attacked with fairly easily with social attacks, and some CAs can even be
bribed or hacked.)

Giving Google your CA or your public mail cert are effectively the same thing
in theory, as long as Google only uses your CA cert to authenticate your own
servers and not anybody elses.

In practice, current CA management software in most OSes is (imho) faulty, and
will allow any CA in the chain to authenticate any cert. This probably needs
to be fixed at some point... So until then, there is no way Google is going to
accept your CA, but they SHOULD change their systems to accept a specific
public cert for a mailserver for POP3 fetching.

~~~
Nursie
You would hope the smart minds at google could come up with a management
system for this fairly easily, though I guess it does add complexity when
you're dealing with potentially millions of these servers and millions of
trusted roots.

------
nodata
This is kind of a dickish move on Google's part: you don't just suddendly do
something like this, you notify in advance and give time for people to switch
over.

StartSSL is on the Mozilla CA list, so it should work with gmail. They offer
free certs:

<https://www.startssl.com/?app=1>

Not tested yet.

~~~
codeka
I agree it sucks that there was no warning, but why would you be using self-
signed certificates in this situation anyway? There's almost no benefit at all
and in fact all it really does it give you a false sense of security that your
connection is "secure" when in fact it's not.

~~~
aw3c2
Sure there is a benefit! Unless you specifically are being targetted with a
MITM, your mail will be save and encrypted anywhere between your originating
server and Google's receiving server. No ISP or government router traffic
harvesting.

~~~
icebraining
If the government wants to harvest your traffic, MITM'ing is not really a
great impediment. It might be an impediment for your ISP because of the
economic constraint it imposes, but even that is not certain.

~~~
aw3c2
As I said, this is no precaution about targetted attacks. It works well
against the default packet inspection and probably also storage routers (can)
do.

------
Zash
Gmail now refusing to fetch what from who, where, when?

Is this about people who forward their mail to gmail?

~~~
nodata
Gmail will collect pop email from other servers if you tell it to. From
Wednesday, and without warning, Gmail will refuse to collect that e-mail if
the remote pop server uses a certificate issued by a non-recognised CA, e.g.
self-signed certs.

------
eze
Please pardon my security ignorance, but I can't understand why Gmail takes
this action while accepting incoming email from unsigned servers. That is, I
like to toy with out-of-the-box Postfix setups in VPSes, and Gmail (still)
accepts messages from my test domains. (Well, maybe the first one gets flagged
as spam, but still.)

Considering that I have taken no actions whatsoever to secure/sign my server,
why does Google consider this legitimate? I find it inconsistent. Also, isn't
DNS unencrypted in the first place? Is there something like HSTS for mail?

Thanks in advance for any help in clarifying this.

Edit: HSTS, grammar.

------
jessaustin
The consensus in this discussion seems to be that Google should just allow
each mail user to enter a cert (or hash thereof) for each self-signed mail
server they're polling. And then each user would need to update each cert
every time it changed, or the IP address changed, or whatever. But first the
user would need to notice the change, which might not be easy if that email
address was low-traffic. (I'm assuming we're not talking about user-controlled
servers, because in such a case why not just forward?)

Who would want to get a notice every time the mail server had the wrong
credentials? If it's a short-term thing the user can't do anything about it.
If it's a long-term thing the user might be able to do something, or she might
not. She'll probably just conclude "Gmail is broken", when in fact it is the
upstream server that can't be arsed to buy a usable cert and take part in the
(admittedly imperfect) CA PKI. Instead they'd like the user to take part in
some ad hoc PKI that they'd like Google to set up for them. Are users less
likely to screw up cert management than service providers? In general, making
the user do work that the service provider could do is a bad smell.

This would be a giant can of worms. This scheme is not something that any
other webmail provider does, and there could be security flaws that haven't
occurred to us. This service would only be usable by the minority of users who
can understand most of the comments on this page. Google would be blamed when
things went wrong, rather than the self-signing mail servers who deserve the
blame. Credit to Google for avoiding such a morass.

------
lucian1900
I've often wondered whether tls/ssl should work more like ssh, where there's
an initial leap of faith and the public key is remembered afterwards (and you
get warned if it changes).

------
lemonade
Also if the certificate is published in the DNS, and available through DANE
(using DNSSEC)? That would be very disappointing.

------
rdl
Given that startssl offers free "real" certs, I think it's probably ok to ban
self-signed certs by default for a lot of things. The key thing is allowing
end users to override in some cases, and giving helpful error messages (which
gmail seems to be failing on).

~~~
zobzu
that makes no sense, startssl isnt required to provide free ssl certs. they
can stop any day. plus its a limited cert, one subdomain max.

------
barking
I have mail forwarded from from me@mydomain to me@gmail so if I've understood
correctly then this might potentially affect me. How would one check now,
rather than waiting till wednesday to find out if there is going to be a
problem?

~~~
RossM
No, this only affects users who retrieve email via POP(/IMAP?) into Gmail as
separate accounts. Oddly enough this is happening on one of my accounts and
not the other, yet I know both have self-signed certs.

~~~
barking
Great, thanks for the info

------
Nux
Google are being dicks once more.

Between my own self-signed zero security (as someone claims) certificate and
your usual Comodo.com-anyone-can-haz-a-wildcard-cert I'd definitely go for the
first.

~~~
RyanZAG
Anybody can self-sign their own certificate to copy yours in seconds.

A Comodo.com-anyone-can-haz-a-wildcard-cert is definitely safer as it takes
far more effort to acquire the wildcard-cert and it leaves behind a financial
paper-trail as the wildcard-cert must be paid for by someone. Definitely a
long way from secure (stolen credit cards?), but still definitely safer than
self-signed.

Of course, self-signed where you transmit the public key beforehand is much
safer than both. Some type of 'group trust' system using quorums would be
safer also.

------
ck2
If you are using a self-signed cert, your content is probably available over
http anyway so you wouldn't want duplication of http + https or you'll get a
penalty.

Just use a free startssl cert if it's important to be indexed via https

~~~
telent
Er, this is email we're talking about here, not http

~~~
ck2
Ugh thanks for pointing that out - way too early for me and I glossed over the
"gmail" part vs google.

