Gmail Goes HTTPS Only For All Connections

Trailrunner7 (1100399) writes "Perhaps no company has been as vocal with its feelings about the revelations about the NSA's collection methods as Google has, and the company has been making a series of changes to its infrastructure in recent months to make it more difficult for adversaries to snoop on users' sessions. The biggest of those changes landed Thursday when the company switched its Gmail service to HTTPS only, enforcing SSL encryption on all Gmail connections. The change is a significant one, especially given the fact that Google also has encrypted all of the links between its data centers. Those two modifications mean that Gmail messages are encrypted from the time they leave a user's machine to the time they leave Google's infrastructure. This makes life much more difficult for anyone—including the NSA–who is trying to snoop on those Gmail sessions." GMail also does TLS for SMTP, but regrettably Talk (what's left of it) does not do TLS for XMPP server-to-server connections, effectively forcing XMPP server admins to lower their security if they want to federate with Google.

More lip service

The NSA has compromised certificates so this will make no real difference.
This is the backscatter xray machine of internet security.

Re: More lip service

[vadim_t]

Google has their own CA. Of course the NSA may demand certs from them, but Google will have to know, so the NSA can't do it secretly anymore

Re:More lip service

[DickBreath]

Better to compromise certificate authorities than to compromise certificates.

After all, who wouldn't trust a certificate authority. There are so many to choose from.

If your browser is presented with a genuine signed Google.com certificate, issued by Honest Achmed's Trusty Certificates of Tehran Iran, then why shouldn't your browser just trust this certificate from a trusted CA?

Re: More lip service

[AlphaWolf_HK]

So long as Google can read your emails, so can the NSA. All they have to do is get a court order. With the way email works, any email provider can read your emails really, so it's not just google.

What ultimately needs to happen is for emails to become assymetric encrypted.

Re:More lip service

[Trax3001BBS]

The NSA has compromised certificates

Odd you should mention that. The link in the summery gave me a bad cert alert for */hs.llnwd.net this has happened to me before (Opera 12). llnwd.net is a source for video http://support.brightcove.com/...

I see it as a problem with Opera, but reject them just in case.

Re: More lip service

[vadim_t]

Obviously. I didn't claim otherwise

Re: More lip service

[heypete]

Google has their own intermediate CA, which is a subsidiary of GeoTrust. Given that such an intermediate could issue certs for the global internet, GeoTrust probable provides a "managed PKI" service where they retain control of the intermediate so that it will only issue certs for Google-controlled domains.

In such a situation, GeoTrust could be compelled to issue certs using Google's intermediate CA without Google's knowledge.

Alternatively, if Google maintained control of the intermediate, the NSA would need to compel Google to generate certs for them from their own intermediate. However, if the NSA went to GeoTrust and demanded that they generate an intermediate CA with all the same details (CN, O, OU, etc.) as the Google one, the NSA could generate certs for Google without Google knowing.

Re: More lip service

[Wootery]

but Google will have to know, so the NSA can't do it secretly anymore

Sure, but that doesn't matter. Google (will roll | have rolled | are rolling) over for the NSA, so you don't gain anything by this.

The moment the NSA have to ask you personally, that's when you're onto something. End-to-end crypto gives you that, of course.

Related: Tox secure IM, the Blackphone. Do keep an eye on those two projects. Promising stuff.

Re:More lip service

[ObsessiveMathsFreak]

If your browser is presented with a genuine signed Google.com certificate, issued by Honest Achmed's Trusty Certificates of Tehran Iran, then why shouldn't your browser just trust this certificate from a trusted CA?

Because if you don't accept, your browser will emit a shrill piercing wail, loudly declaiming your obscene and hertical attempts to use a secure connection which has not been certified. A yellow clad official -- likely of Arstotzkan origin -- will appear to lend an air of official disapproval to the disgraceful suggestion that you should prefer encryption, any encryption, over plain text without authentication.

So, you must Accept Our Glorious CA Validated HTTPS Protocols or else revert to wide open plain text. Cause no trouble.

P.S.

I personally believe that Firefox's self signed policies were the result of NSA lobbying/influence at Mozilla. The secure web was set back a decade by this decision, and the fallout has render the entire CA and hence https infrastructure all but useless.

Re:More lip service

[kqs]

Oh noes! You are clearly smarter than Google, since they didn't think of that!

Re: More lip service

[Khashishi]

Google may have to know, but you won't know.

Re: More lip service

[AmiMoJo]

More over Google have positioned themselves so that even if there was a secret court order to provide a certificate to the NSA it would be immediately obvious what had happened. Chrome pins Google certificates so if they change the user will be notified immediately. The court could order Chrome to have the new cert pinned as well, but of course it wouldn't affect older versions released prior to the order.

Google does seem to be genuinely trying to resist, even if ultimately it may be futile. At least they made that much harder.

Re:More lip service

[AmiMoJo]

If your browser is presented with a genuine signed Google.com certificate, issued by Honest Achmed's Trusty Certificates of Tehran Iran, then why shouldn't your browser just trust this certificate from a trusted CA?

Because Google pin their certificates in Chrome, so the user would be instantly warned of the change. For non-pinned certificates you need to install a plug-in.

Re:More lip service

[whoever57]

Better to compromise certificate authorities than to compromise certificates.

Let's say you work for a large tech company based in Mountain View and, when connecting from home, you actually inspect the certificate that is presented to your browser and it isn't the certificate that you expect. What do you do?

Next, assume you tell your bosses. What do they do?

Re: More lip service

[epyT-R]

What google's doing is just a stupid PR stunt. They are legally bound by law not to acknowledge any NSA wiretapping, so when it became public knowledge they put on a show of faux outrage as a PR stunt. I guarantee the NSA is still getting google traffic and that google is complicit in it.

Re: More lip service

[AmiMoJo]

Of course it matters. The NSA is trying to spy on everyone all the time, and this means they will have to do far more to target individual Gmail users instead of just hoovering it all up. That's the goal, to make mass surveillance impossible or at least extremely costly. It doesn't have to be perfect to do a lot of good.

Re: More lip service

[Wootery]

Google is in bed with the NSA. The NSA have Google's keys. There is at best some level of inconvenience for the NSA, but nothing more. Nothing to stop them spying on millions.

You, the spied-on end-user, do not benefit. (Well, HTTPS might keep others out, but not the NSA.) You are not made aware of when the NSA spy on you.

Anyway, even before Gmail 'went HTTPS only', virtually all use of GMail was surely still through HTTPS.

Re: More lip service

[AlphaWolf_HK]

This was meant to be a reply to a different post (I hit a different reply link from what I intended) but anyways I think I got my point across enough that I didn't create a second identical post in the correct place.

Re: More lip service

What evidence do you have for this? Having worked for both (no, not concurrently) I have seen first hand that degree of *non*cooperation going on here, including the violation Googlers felt when we saw they were tapping our lines and quick responses (not all of which has been reviled externally).

Or you can continue to believe that http://www.google.com/transparencyreport/userdatarequests/ is a lie to cover up a massive conspiracy, and Google doesn't really care about things like https://www.reformgovernmentsurveillance.com/.

Re: More lip service

[AlphaWolf_HK]

If the cryptography used is strong enough it would be. Even though RSA rigged one of their implementations, the math behind it is still solid and can be used without the NSA breaking it. If that really bothers you still, you could always go with elliptic curve. The bonus of EC is that its smaller keys are as good as longer RSA keys, so no need for crazy 4096 bit pads.

Re:More lip service

[TheRaven64]

This is why Ben Laurie and others at Google (and elsewhere) are pushing certificate transparency. This is basically a mechanism to see that the certificate that you see for server X is the same as the certificate everyone else sees. It means that the NSA has to either steal the certificate that Google uses, or MITM all connections to Google to be able to compromise the connection without detection. Or just ask Google to do it on their server...

Re: More lip service

[Shaiken]

It'd be a huge improvement if the NSA had to go get a court order every time they wanted to read someone's e-mail (or whatever).

The biggest problem right now is that they're just sucking up everything they can get their hands on. That has to be stopped. Individual court orders are OK. Those are a normal part of police investigation and they're totally acceptable (assuming mostly functional courts of course).

Re:More lip service

[Agripa]

All it takes is for one compromised certificates to be saved for analysis. It is not going to match the standard certificate and either someone forged it with the certificate authority's key or the certificate authority made it. Either way, it represents proof that they were compromised.

Re: More lip service

[Wierdy1024]

Google gets chrome to randomly send back certificates, and they then analyse them.

Yes, the return certs could be modified in transit, or blocked, but that's tricky.

Re: More lip service

[Wootery]

I hope you're right, but there's not much in this privacy/NSA game to inspire anything but cynicism.

What evidence do you have for this?

Got me there; not sure where I heard this actually.

Uh the NSA post it says different

[goombah99]

Does Google not recall the NSA post it note showing that they intercept the post-SSL server to server commuincations within the googleshpere? NSA doesn't care about HTTPS to google as long as that back channel is still there.

Re:Uh the NSA post it says different

[goombah99]

Here's a link:

http://www.gizmodo.com.au/2013...

Re:Uh the NSA post it says different

[Charliemopps]

Supposedly Google recently closed that loophole. But I seriously doubt that was the NSA's only way in. If I were running the NSA, half the staff at google would be my agents. If that's truly the case, there's basically nothing google can do to stop them.

Re:Uh the NSA post it says different

[QuasiSteve]

Isn't that in part what this..

The change is a significant one, especially given the fact that Google also has encrypted all of the links between its data centers.

..is supposed to refer to?

Of course if they're just going to pretend to be Google and fool browsers into thinking they're talking to Google and decrypt/re-encrypt at that point, there's not much Google can do about it anyway.

Re:Uh the NSA post it says different

Google was only furious because the NSA was accessing the data without paying.

Re:Uh the NSA post it says different

[DickBreath]

> Google was only furious because the NSA was accessing the data without paying.

Wrong. Google was only furious because the NSA was accessing the data without seeing ads.

Re:Uh the NSA post it says different

[SuperKendall]

Even worse, the NSA was NOT contributing metrics back for what they were viewing.

There's real value in knowing to properly target ads for tinfoil to people that actually need it.

Re:Uh the NSA post it says different

[kqs]

Of course if they're just going to pretend to be Google and fool browsers into thinking they're talking to Google and decrypt/re-encrypt at that point, there's not much Google can do about it anyway.

Yeah, not much they can do.

Re:Uh the NSA post it says different

[gstoddart]

If that's truly the case, there's basically nothing google can do to stop them.

Walk in with a couple of FISA warrants and a few guys in dark suits .. and guess what? There's still not a fucking thing Google can do to stop them.

At best Google will encourage better security from other parties, but if you think you can stop Big Brother carrying a FISA warrant that says your ass goes to jail for a long time if you tell anybody ... well, you're awfully naive.

This is good PR, and it's good security practice. But it can do nothing at all from having the feds simply demand they hand something over, or give them hooks into the system where it's unencrypted, or handing over their entire database, or any other thing they want.

The PATRIOT Act more or less guarantees that no American company could legally keep the NSA out (or whatever agency has the right paperwork).

No company operating in American soil has that ability any more. Period. And in other countries, either they just do it by sneaky means, or the local government steps in and makes the same kind of request.

We have entered a world in which the most raving tin-foil hat conspiracies are essentially true. And due to the secrecy requirements of the secret laws, if you tell someone (or try to) they'll just unleash those powers on you personally. And that will not end well for you.

Big Brother is here, right now. And he'll neither give up the powers he's got, nor allow you to tell someone when he exercised them.

Re:Uh the NSA post it says different

[swillden]

Here's a link:

http://www.gizmodo.com.au/2013...

That document is what motivated Google to encrypt all links between data centers, specifically to stop that.

Re:Uh the NSA post it says different

[swillden]

Google was only furious because the NSA was accessing the data without paying.

Google doesn't sell user data to anyone. What makes you think they'd be happy to give it to the NSA if they were paid? If Google were interested in exchanging user data for money (and if it didn't contradict Google's privacy policy), they could sell lots of it.

Re:Uh the NSA post it says different

[bill_mcgonigle]

Walk in with a couple of FISA warrants and a few guys in dark suits .. and guess what? There's still not a fucking thing Google can do to stop them.

If I were Google and seriously concerned about this, I'd encrypt the data in a chaining mode and keep half(+-) of the bits in different data centers in different jurisdictions.

Yeah, the bandwidth issue is real. But the best a gang could do is seize some drives with nothing useful on them. They'd be better off attacking the suspect's machine, and then at that point it's no longer Google's secret problem.

Re:Uh the NSA post it says different

[gstoddart]

If I were Google and seriously concerned about this, I'd encrypt the data in a chaining mode and keep half(+-) of the bits in different data centers in different jurisdictions.

Right. Sounds good in a paperback novel.

But when they can compel you to hand over your data and not tell anybody, they can compel you to hand over all your data, including how to assemble the bits again. A National Security Letter is an all powerful writ if they want them to be.

You really think "no sir" or "we don't know how" are going to hold up to this kind of pressure? When they can march everyone involved off to jail and simply find the next batch of Google folks who know how to do it?

Are you missing the whole thing where they can compel you (under threat of secret federal law), detain you (under whatever secret provisions they have), and generally make life miserable for you and your family? "Sorry Ma'am, but, yes, we do need to seize your house and your kids' college fund. No Ma'am, we can't tell you why. No Ma'am, we can't tell you where your husband is. No Ma'am, nobody is going to give a job to someone married to someone who helped terrorists."

I seriously doubt as a practical matter Google could keep the NSA out. Because as long as they're legally entitled to it (so they say) and in possession of the paperwork from the right judge (who may or may not just rubber stamp it) ... what is your recourse when the all powerful Big Brother shows up?

The terms of the PATRIOT Act more or less say that if Uncle Sam comes knocking with the right paperwork, non-compliance isn't an option, and telling someone about it isn't an option.

If you as a private individual hold out and are willing to go to jail for your convictions, I'm sure they'd accommodate you. But a corporation? No way that would happen -- which is why they get compensated for their manpower and reminded not to tell anybody. But it really is a case where there's nothing voluntary about this when you're talking about corporations. Unless the company more or less caves in and decides to be as helpful as possible to make their lives easier.

I wish you were right, and that what you say could happen. But I fear the US has more or less created their own all-powerful agency of State Security, which is ruthless, powerful, and capable of doing whatever the fuck they want.

And that's before you start assuming they're doing more than is either strictly legal, or that they're even willing to allow us know is happening.

Re:Uh the NSA post it says different

[swillden]

Unless google invented practical homomorphic algorithms, It's still decrypted somewhere. Just a different post it note.

Obviously it's decrypted, but only inside data centers... and maybe only inside servers. In either case it's still ultimately accessible, but we're talking about different classes of spying problems: tapping a fiber running hundreds of miles across open country vs tapping a switched network inside an access-controlled building vs extracting data from a running machine.

Granted that it wouldn't be too hard for an organization like the NSA to obtain surrepititious access to a Google data center, but the logistical scale of the problem multiplies enormously when you have to somehow tap every one of hundreds of switches or tens of thousands of machines. And the odds of getting noticed increases non-linearly with scale.

Re:Uh the NSA post it says different

[DickBreath]

Not a girl.

Doesn't matter

The feds have all the SSL keys anyhow.

Re:Doesn't matter

[Agent+ME]

If perfect forward secrecy is used in the connections (which most HTTPS sites seem to do last I checked), then knowing the private keys doesn't even help them decrypt a connection, *unless* they're actively man-in-the-middling the connection from the start (which I'm sure they do often against interesting people, but probably not anywhere near 100% of everything).

Re:Doesn't matter

[vux984]

Unless Google is just handing them everything anyway via Prism, or whatever other programs are in place.

This is like installing bars over the windows to keep the govt out, knowing full well you already gave them the keys to the front door.

Re:Doesn't matter

[glenebob]

Somebody mod this up. This is dead right.

Google can encrypt the data all they want, right down to encrypting it when it arrives, and leaving it encrypted for its lifetime on their servers, but the NSA can just say "gimme the data AND the keys to unlock it". The keys are just data, and obviously Google has access to them, therefore so does the NSA.

Re:Doesn't matter

[Khashishi]

It exists is to protect against folks like lulzsec, not the government.

Re:Doesn't matter

[swillden]

Somebody mod this up. This is dead right.

Google can encrypt the data all they want, right down to encrypting it when it arrives, and leaving it encrypted for its lifetime on their servers, but the NSA can just say "gimme the data AND the keys to unlock it". The keys are just data, and obviously Google has access to them, therefore so does the NSA.

More precisely, the NSA would just say "gimme the decrypted data". But it's simply wrong to say that's not an important difference.

If the NSA can snoop all connections they can scoop up terabytes of data and figure out later what's interesting and no one is the wiser. If they have to ask Google, they have to make the request specific and they have to provide justification that will satisfy some set of legally-defined standards -- and Google will then add the request to the published transparency statistics so legislators and voters can see how much is being done and decide if it's excessive.

There's a huge difference there.

Oh, and I can't think of any case in which the government could legally demand the keys.

Re:Doesn't matter

[vux984]

Of course that is true, and I wouldn't have made my comment if THAT is what the summary stated... but instead the entire summary is framed around the NSA...

From the first sentence:
"Perhaps no company has been as vocal with its feelings about the revelations about the NSA's collection methods as Google has, and the company has been making a series of changes to its infrastructure in recent months to make it more difficult for adversaries to snoop on users' sessions."

to the last one:
"This makes life much more difficult for anyoneâ"including the NSAâ"who is trying to snoop on those Gmail sessions."

So... its only natural that any argument is also framed within the context of the NSA.

Re:Doesn't matter

[vux984]

Oh, and I can't think of any case in which the government could legally demand the keys.

Pretty sure that's exactly what they did to Lavabit:

The government's move against Lavabit was resisted tenaciously by Levison. After much wrangling, Levison eventually handed over Lavabit's cryptographic key in digital form, after earlier trying to satisfy a court order by printing out and handing over a copy of the key in 4-point type, a move that irked the judge handling the case.

After Lavabit resisted complying with government demands, it was held in contempt of court and fined $5,000 a day until it turned a machine-readable version of the key over.

http://www.theregister.co.uk/2...

Re:Doesn't matter

[swillden]

You really need to read the whole Lavabit story. Basically, the government was able to convince the court that the combination of Lavabit's security architecture and the company's early stonewalling demonstrated that the only way to be sure they got all of the data the court had ordered Lavabit to hand over was to require the keys. Had Lavabit complied initially and just handed over the requested data the question of keys would never have come up.

That may seem like a subtle distinction, but it's not. The court never said that the government has a general right to demand keys, it just said that in that particular case there were factors which meant that merely asking for the data was not going to work, and that, therefore, the government could demand the key.

In Google's case, if the government asks -- through correct legal channels and with an appropriately-specific request -- for your e-mail, Google can and will simply comply with the request, which means that the government has no need to get keys. The only reason the government would ask for keys is in order to obtain the ability to do mass surveillance which cannot be justified Constitutionally -- and Google has the legal and technical resources to make that argument and to appeal it to the highest level.

Re:Doesn't matter

[vux984]

So to sum up:

As long as you give them everything they ask for, AND they believe you have done so. Then they can't ask for the keys.

If you don't give them everything they want, or they don't beleive you gave them everything they want, then they can ask for the keys too, and get them.

That's a loophole big enough to drive a truck through.

The only reason the government would ask for keys is in order to obtain the ability to do mass surveillance which cannot be justified Constitutionally

Well that, or they don't trust that you really gave them everything they asked for. Or at least that's what they can say.

Had Lavabit complied initially and just handed over the requested data the question of keys would never have come up.

Indeed. And if I always answer everything the cops ask me for in the affirmative the question of an illegal search will never come up either.

Re:Doesn't matter

[swillden]

As long as you give them everything they ask for, AND they believe you have done so. Then they can't ask for the keys.

No. There hasn't been a single example, AFAIK, of a company complying with a court order then not being believed.

That's a loophole big enough to drive a truck through.

It's not a "loophole" because (a) that's not what happened and (b) even if it had happened it would have been a case of one unreasonable judge, not a systemic issue. That's what appeals are for, etc.

Re:Doesn't matter

[vux984]

There hasn't been a single example, AFAIK,

And how exactly would we know? When the court proceedings are largely secret with national security gag orders attached?

The lavabit situation is pretty unique in that we even found out about it.

And whether or not its a loophole is mooted by the fact that you suggest we can avoid even being asked for the keys by handing over anything and everything that is requested in the first place.

https://NSA.certificate.gov

[fustakrakich]

This is nothing but a waste of bandwidth and only makes tracking easier. Oh, wait... now I get it.

What version? Also, Google Talk is pretty dead.

[twocows]

Are they using SSL, or are they using TLS? Which version of either are they using? Most modern browsers support TLS 1.1 and 1.2, but I can imagine Google falling back to 1.0 or even SSL for compatibility with fossils.

As much as I personally love Google Talk, it's about as dead as you can get. Most links have been redirected to Hangouts, and those that aren't, you have to access manually. If anyone cares, here's the only working link that I'm aware of for Google Talk: http://www.google.com/talk/ind...

Re:What version? Also, Google Talk is pretty dead.

[Baloroth]

I just checked, TLS 1.2 when supported, but they will fall back to 1.0 if the browser doesn't support newer 1.1/1.2. Didn't see if they'll fall back to SSL or not (or if it falls back to 1.1 at all).

Whew!

Glad to know that the copy of my mail stored for "archival purposes" in the service formerly known as Postini was sent there securely.

Pheww!

What a relief. Now the only people that can get my data are government agencies that ask for it and advertisers that pay for it.

Encrypting Data at Motion, not Data at Rest

[joeflies]

SSL/TLS is only for data in motion, and applications that choose to use it. Anyone who gets access to the backend will still be able to freely read as much content as they like

Re:Encrypting Data at Motion, not Data at Rest

[blueg3]

Encrypting data at rest doesn't get you much. Anyone who gets access to the backend gets access to the cryptographic keys used to read the data at rest.

This is the case whenever the attacker has access to the cryptographic endpoint. The fact is, as long as Google is one of the cryptographic endpoints, if you have access to Google's data, you have access to it regardless of whether you pretend to encrypt it. The only way you can significantly change that is to make yourself (that is, the person sending and the person receiving the e-mail) the cryptographic endpoint, so that Google only ever sees ciphertext.

But that's not very convenient.

Re:Encrypting Data at Motion, not Data at Rest

[joeflies]

I was primarily commenting because the summary said "Gmail messages are encrypted from the time they leave a user's machine to the time they leave Google's infrastructure." which is obviously incorrect. The messages aren't encrypted at all, only the network connections are.

Re:Encrypting Data at Motion, not Data at Rest

[blueg3]

That's true. The messages really are never encrypted at all. :-)

Re:Encrypting Data at Motion, not Data at Rest

[blueg3]

Super usable! And it's not like it ignores the hardest problem, with is operating PKI properly.

Re:NSA claims Google and others are lying

[poetmatt]

Please. This was debunked already. http://www.techdirt.com/articl...

Pot, Kettle, Pokadot

[Marxist+Hacker+42]

Isn't this a bit like the company that mines your data for profit is complaining about the government that mines your data for power?

Re:Pot, Kettle, Pokadot

[Overzeetop]

Nobody want's competition. What if* Google wanted to move into the power market? No sense in giving the NSA a shortcut.

*when

Re:Pot, Kettle, Pokadot

Google may be many things, but at least they aren't doing it behind your back. Each service's ToS clearly say what they do and don't do with your data when you are on their domains.

Re:Pot, Kettle, Pokadot

You can opt out of using Google's services. You cannot opt out of your government.

Re:Pot, Kettle, Pokadot

[LookIntoTheFuture]

Isn't this a bit like the company that mines your data for profit is complaining about the government that mines your data for power?

Well said.

Re:Pot, Kettle, Pokadot

[bill_mcgonigle]

Isn't this a bit like the company that mines your data for profit is complaining about the government that mines your data for power?

If showing you ads is like targeting your for a Hellfire drone missile strike, then sure. To me that fails the moral equivalence test.

Re:Pot, Kettle, Pokadot

[Marxist+Hacker+42]

Yes, you can. But only by getting off the net completely. Don't forget, they also index Slashdot.

Re:Pot, Kettle, Pokadot

[Marxist+Hacker+42]

And your friends ads. And of course, selling the NSA the information they have, since the only real qualm they have with privacy is not being able to make money off of it.

Re:Pot, Kettle, Pokadot

[Marxist+Hacker+42]

You actually believe that ToS is a contract?

Re:Pot, Kettle, Pokadot

Explain how that opts you out of your government.

Not using the internet means you can ignore which parts of your government? The police? The Taxman? Which government imposed obligations can you opt out of?

Re:Pot, Kettle, Pokadot

[Marxist+Hacker+42]

The government is slightly different, but all one needs to opt out of it, is a good boat.

Weak SMTP SSL

Sure they use SSL on their SMTP servers, but when testing it using checktls.com I see that they use RC4-SHA, not a Perfect Forward Secrecy algorithm like Yahoo is now using (DHE-RSA-CAMELLIA256-SHA). If NSA were to get a copy of Google's private key, they could decrypt all of the traffic. So to me, no PFS is the same as no SSL.

Re:Weak SMTP SSL

[viperidaenz]

traffic over SSL connections is not encrypted using public key cryptography.
the certificate is only used to assert there is no man in the middle during key exchange. The data is encrypted with the randomly generated keys exchanged during the SSL handshake.

Re:Weak SMTP SSL

[heypete]

That depends on the cipher preferences of the client (that is, the system sending mail to Gmail). In my case, connections from my server to Gmail's SMTP servers are made using ECDHE-RSA-AES128-GCM-SHA256.

Connections from other services depend on how they're configured. Geocaching.com's outgoing mail server sends mail to Gmail using ECDHE-RSA-RC4-SHA.

Re:Weak SMTP SSL

[heypete]

traffic over SSL connections is not encrypted using public key cryptography.
the certificate is only used to assert there is no man in the middle during key exchange. The data is encrypted with the randomly generated keys exchanged during the SSL handshake.

Your statement is true if and only if both sides of the connection use Perfect Forward Secrecy.

If PFS is not supported by one or both sides, they revert to RSA key exchange which does use the server's RSA key to encrypt the session key. If the server's private key is compromised any non-PFS traffic that was logged in the past could be decrypted.

The AC above says that the connection between checktls.com and Gmail is made using RC4-SHA -- in that case, no Perfect Forward Secrecy is being used and the connection could be decrypted later if the server's private key was compromised.

In the case of my server connecting to Gmail, the connection is secured with ECDHE-RSA-AES128-GCM-SHA256 -- the ECDHE indicates that it uses elliptic curve-based ephemeral Diffie-Hellman key exchange, which does have PFS.

Perhaps shockingly, most secure sites on the internet don't have PFS enabled or, if they do, don't set them as a high priority. See https://www.trustworthyinterne...">here for details: 42% of sites have PFS enabled, but only 5.6% are configured so that PFS will be used by browsers (the rest have them set as a lower-priority).

because

Because Google wants noone besides themselves spying on your email!

Opportunistic TLS for SMTP?

[dave562]

The article briefly mentions this, but does anyone have any additional detail? Are they using opportunistic TLS on SMTP connections?

Re:Opportunistic TLS for SMTP?

[whoever57]

Are they using opportunistic TLS on SMTP connections?

Google has been doing this for a long time.

Re:Opportunistic TLS for SMTP?

[heypete]

The article briefly mentions this, but does anyone have any additional detail? Are they using opportunistic TLS on SMTP connections?

Yes.

Depending on what ciphers are supported by the remote system, different ciphersuites will be supported. CheckTLS.com will only connect with RC4-SHA, but my server connects with ECDHE-RSA-AES128-GCM-SHA256. Your mileage may vary.

Re:Opportunistic TLS for SMTP?

[manu0601]

If your side does not support TLSv1.2, then Google favors RC4 cipher to thwart BEAST vulnerability. There is only one RC4 cipher that brings PFS: ECDHE-RSA-RC4-SHA. It uses Ellipitic curve cryptography. If you do not support it, nor you support TLSv1.2, you will not get PFS from Google.

The goal is to avoid BEAST, but RC4 is weak, and PFS is highly desirable.

Re:NSA claims Google and others are lying

[fustakrakich]

And exactly why should we believe the companies' denials? Why should we believe they have any concern at all about any of this, aside from the possible bad PR?

Uhmm

[nashv]

I don't know if you've been keeping up. But people fully EXPECT the NSA to be upto nasty secret snooping habits. That is actually the minor part of the story that caused the outrage. The more dangerous fact is that the NSA can demand companies or individuals turn over data to them and impose a gag order thus forcing them to keep it secret.

So AC is right in this case. Just more lip service. Encryption on your own servers is the only way to remain relatively protected.

Re:Uhmm

[Severus+Snape]

Absolutely. You just made my point for me. The problem shall be now a lot of the media will now present this as a milestone to easing public anger over what the public knows. By now the NSA and GCHQ will know the files Snowden has through investigation (police greeting David Miranda with Terrorism laws at Heathrow to make copies of his HDD must have helped) so here comes the game of cat and mouse; possibly until Congress freaks out.

It's the comedy that doesn't stop giving!

Encryption is not the answer

[rudy_wayne]

Ultimately, encryption is meaningless. If the NSA (or any other governmental agency) wants something, they will get it.

Even if you invent some suoer-duoer-impossible-to-crack encryption, they will simply go to a secret court (that is accountable to no one) and get a secret order, that you must comply with and that you aren't allowed to talk about under penalty of going to prison, on the grounds of NATIONAL SECURITY.

Until *THAT* problem is addressed, encryption is meaningless.

Re:Encryption is not the answer

[Patch86]

That would be a considerable extra step for NSA to comply with. If your data is unencrypted, they merely need to scrape the data and away they go- easy mass surveillance of any number of 100's of millions of people.

If they had to take every one of their targets to a secret court (alerting them to their presence while they're at it), mass surveillance would simply not be practical.

The same logic goes for throwing up almost any security barrier. Nothing is unbreakable in the long run, but you can make it so difficult for your opponent that it becomes unprofitable for them to get to you.

About XMPP Security

[qpqp]

effectively forcing XMPP server admins to lower their security if they want to federate with Google

Just for the Google server, if you use a proper XMPP server (like Prosody, for example).

Beware that many servers on the XMPP network use self-signed or invalid certificates, or even don't support TLS at all (such as gmail.com and all Google-hosted domains). It is possible to make exceptions like this:

-- These hosts are allowed to authenticate via weaker mechanisms, such as dialback:
s2s_insecure_domains = { "gmail.com" }

[Server-to-server XMPP]

XMPP server operators are pushing for a wholly encrypted XMPP network with several test-days, where they'll be flipping the switch to allow only encrypted communication, and the final switch to disallow unencrypted communication on May 19, 2014.
It's going to include SSLv3, unfortunately, but we'll get there.

Yeah, maybe ignore everything in this post . . .

[Kimomaru]

. . . because the NSA stated yesterday that tech companies were fully aware of snooping the who time (http://yro.slashdot.org/story/14/03/20/1745254/nsa-general-counsel-insists-us-companies-assisted-in-data-collection). If they're encrypting, it's either for show (porbable) or to prevent eavesdropping by anyone else but the NSA (unlikely, if this mattered to them they would have done it a long time ago.) So, yeah, this feels like it's for show so that people can continue to have confidence in Google's platforms.

Messages Are Not Encrypted

[Bob9113]

Gmail messages are encrypted from the time they leave a user's machine to the time they leave Google's infrastructure.

Horseshit. The message is not encrypted. It is cleartext travelling over encrypted channels. It is on their machines in the clear, which enables them to do things for you, like search and filter, and against you, like profiling you and anyone who sends you email.

Re:Messages Are Not Encrypted

[rastoboy29]

mod parent up.  encryption is not magic.

Re:Yeah, maybe ignore everything in this post . .

[Trax3001BBS]

. . . because the NSA stated yesterday that tech companies were fully aware of snooping the who time (http://yro.slashdot.org/story/14/03/20/1745254/nsa-general-counsel-insists-us-companies-assisted-in-data-collection).

Not only aware, not one to let a dime slip by: "Billing invoices and other documents show Microsoft charging the FBI hundreds of thousands of dollars a month to comply with legal requests for customer information," http://www.dailydot.com/news/m...

Doesn't NSA own SSL already?

[Roger+Wilcox]

I seem to remember hearing they had already cracked SSL among all of the recent revelations.

Either way, this is obviously a PR move. It should give nobody any high hope for Google's intentions...

Oh the irony...

[David_W]

You know, if I didn't know better, I'd think someone did this on purpose... right now the fortune at the bottom is:

Today is a good day for information-gathering. Read someone else's mail file./quote.

It's not just the warrants.

[Ungrounded+Lightning]

... people fully EXPECT the NSA to be upto nasty secret snooping habits. That is actually the minor part of the story that caused the outrage. The more dangerous fact is that the NSA can demand companies or individuals turn over data to them and impose a gag order thus forcing them to keep it secret.

I agree that the latter IS a big problem. But I don't agree that it's the ONLY problem, or the only BIG one.

National Security Letters are still relatively narrow compared to what the NSA did. They also tapped the fibers Google and others used to communicate with each other, and used these taps to snoop everything that went across them, without Google's knowledge.

I encountered a Google engineer with job responsibilities related to that at a conference last year, and he was LIVID. They'd tapped fibers OWNED BY GOOGLE - trespassing and damaging them (aong with Google's credibility) in the process - with no letters, warrants, wink-wink-nudge-nudge, or what-have-you. Google has since been installing encryption thorughout it's network - not just where it leaves the building, but even from rack to rack.

Maybe they're still stuck disclosing SOME stuff. But at least they're trying to know what it is, do their best to minimize it (and protect their model), and avoid inadvertently firehosing EVERYTHING into the maw of the NSA.

Re:It's not just the warrants.

[davester666]

Well, why didn't Google actually mention this to anybody in public then? The NSA breaking into a US corporation and damaging it's equipment would make for some excellent headlines, and perhaps even some spirited debate in a Senate or Congress Hearing.

Re:It's not just the warrants.

[ddt]

I imagine their data center power draws are starting to go up.

Re:It's not just the warrants.

[u38cg]

I had a similar experience chatting to a Google employee. They were seriously pissed off.

Re:It's not just the warrants.

[torsmo]

Maybe due to suppression orders restricting them from reporting it.

Google agreed to NSA spying anyway

[AkkarAnadyr]

So says the NSA's lawyer.

It's not so much "lip service" as "bullshit".

Re:NSA claims Google and others are lying

[kqs]

Good point. You're very wise to believe the NSA, and to ignore all of the "stories" about Google encrypting everything, and suing the government, and trying to limit search warrants. After all, it would be crazy, completely crazy to think that the NSA would try and cast blame on the very companies that tried to stop them. Why, the fact that the NSA tapped Google's dark fiber between datacenters proves that Google is lying and was giving everything to the NSA!

Another possibility is that the NSA is lying and that a bunch of gullible morons are attacking the very companies which (while not perfect) are trying to protect your data from the government.

federate with Google?

[nurb432]

Why would anyone still be doing this? They wont be supporting this really soon now, so everyone should have moved on by now.

Re:NSA claims Google and others are lying

[fustakrakich]

Both sides have good reason to lie. The lawsuits are workfare programs for their lawyers, busy work. The encryption is weak, with all the appropriate back doors left wide open. And you're just repeating public relations mumbo-jumbo and taking high drama as truth. Honesty is bad for business, and all of this is strictly business. Your data will remain vulnerable until it is more profitable to protect it than it is to sell it.

If you want file &/or email security it's GNUP

[Hey_Jude_Jesus]

Sending encrypted mail is the only way to have a chance at keeping it private.

Re:Yeah, maybe ignore everything in this post . .

[Kimomaru]

Exactly. So I have to chuckle when the news reports that an irate Mark Zuckerberg calls the President to voice his displeasure over spying (http://money.cnn.com/2014/03/13/technology/security/mark-zuckerberg-nsa/) . I don't know what he's pretending to be mad about.

Re:nsa

[Bengie]

Having one would still show to the end user that the fingerprint has changed. There is already a feature to warn you when the fingerprint of a site has changed, even if the CA still shows it's "secure".