The server will have a self signed certificate.
The terms of the wager are that I will provide a client and a server system. I will put up $100,000, my testicles in a jar with a small plaque saying "These balls once belonged to a fool." You will put up $10,000 plus any required travel expenses to carry out the wager. You've now posted several times that self signed certs are useless and provide no security, in fact they lower security (from what baseline I must ask?) They just changed to "all or nothing," which will push many users to "nothing." They could allow users to upload a private CA cert, or the public side of an SS cert.
They could have made this level of SSL authentication configurable. Google could have cached self signed certs, and notified the user if they changed, which would have at least made MITM interception apparent.
Now, I realize that self-signed certs still leave an opportunity for MITM attacks, but something is better than nothing. So, instead of using SSL for it's encryption capabilities (Google is now forcing authentication as a bundle), some users will have to leave the connection wide open. However, this means that your password and email will not be protected while sent over the Internet, so we don't recommend disabling this. You can disable using SSL in Gmail by unchecking 'Always use a secure connection (SSL) when retrieving mail on the Accounts and Import tab in your Mail settings.
0 kommentar(er)
