Slashdot Mirror

← Back to Stories (view on slashdot.org)

Ask Slashdot: Has Gmail's SSL Certificate Changed, How Would We Know?

Posted by samzenpus on from the protect-ya-neck dept.

An anonymous reader writes "Recent reports from around the net suggest that SSL certificate chain for gmail has either changed this week, or has been widely compromised. Even less-than-obvious places to look for information, such as Google's Online Security Blog, are silent. The problem isn't specific to gmail, of course, which leads me to ask: What is the canonically-accepted out-of-band means by which a new SSL certificate's fingerprint may be communicated and/or verified by end users?"

4 of 233 comments (clear)

  1. I can still read... by candlebar · · Score: 3, Funny

    I can still read your email. It hasn't changed.

  2. Re:Revocation by houghi · · Score: 4, Funny

    google chome with their automatic background updates.

    That is why I use Firefox. I installed it when it was version 7 and it still is version ... (Checks version) ... How did it get to this version 23?

    --
    Don't fight for your country, if your country does not fight for you.
  3. Re:Revocation --- or Redundancy? by Anonymous Coward · · Score: 3, Funny

    And for more security, we can do *THREE* certificates. Count them! *THREE* for additional security.

    Super secure sites like banks can do *FOUR* certificates. If any one of the *FOUR* certificates break, then we know we're attacked! Even more secure if those *FOUR* certificates come through 4 different ways...

    Are you really suggesting that?! Do you even know how PKI works?

    Fuck it...we're doing *FIVE*.

  4. Re:Revocation --- or Redundancy? by Jesus_666 · · Score: 3, Funny

    Ah, the Gillette Encryption Standard. I'm just waiting for browsers to start supporting SSL Fusion Power Stealth.

    --
    USE HOT GRITS WITH STATUE OF NATALIE PORTMAN (NAKED AND PETRIFIED)