Slashdot Mirror


Gmail Goes HTTPS Only For All Connections

Trailrunner7 (1100399) writes "Perhaps no company has been as vocal with its feelings about the revelations about the NSA's collection methods as Google has, and the company has been making a series of changes to its infrastructure in recent months to make it more difficult for adversaries to snoop on users' sessions. The biggest of those changes landed Thursday when the company switched its Gmail service to HTTPS only, enforcing SSL encryption on all Gmail connections. The change is a significant one, especially given the fact that Google also has encrypted all of the links between its data centers. Those two modifications mean that Gmail messages are encrypted from the time they leave a user's machine to the time they leave Google's infrastructure. This makes life much more difficult for anyone—including the NSA–who is trying to snoop on those Gmail sessions." GMail also does TLS for SMTP, but regrettably Talk (what's left of it) does not do TLS for XMPP server-to-server connections, effectively forcing XMPP server admins to lower their security if they want to federate with Google.

37 of 141 comments

  1. More lip service by Anonymous Coward · · Score: 5, Insightful

    The NSA has compromised certificates so this will make no real difference.
    This is the backscatter xray machine of internet security.

    1. Re: More lip service by vadim_t · · Score: 3, Informative

      Google has their own CA. Of course the NSA may demand certs from them, but Google will have to know, so the NSA can't do it secretly anymore.

    2. Re:More lip service by DickBreath · · Score: 4, Insightful

      Better to compromise certificate authorities than to compromise certificates.

      After all, who wouldn't trust a certificate authority. There are so many to choose from.

      If your browser is presented with a genuine signed Google.com certificate, issued by Honest Achmed's Trusty Certificates of Tehran Iran, then why shouldn't your browser just trust this certificate from a trusted CA?

      --

      I'll see your senator, and I'll raise you two judges.
    3. Re: More lip service by AlphaWolf_HK · · Score: 2

      So long as Google can read your emails, so can the NSA. All they have to do is get a court order. With the way email works, any email provider can read your emails really, so it's not just google.

      What ultimately needs to happen is for emails to become asymmetrically encrypted.

      --
      Careful with names containing L slashdot.org/~AiphaWolf_HK slashdot.org/~AlphaWoif_HK slashdot.org/~AiphaWoif_HK
    4. Re:More lip service by Trax3001BBS · · Score: 2

      The NSA has compromised certificates

      Odd you should mention that. The link in the summary gave me a bad cert alert for */hs.llnwd.net; this has happened to me before (Opera 12). llnwd.net is a source for video http://support.brightcove.com/...

      I see it as a problem with Opera, but reject them just in case.

    5. Re: More lip service by heypete · · Score: 3, Informative

      Google has their own intermediate CA, which is a subsidiary of GeoTrust. Given that such an intermediate could issue certs for the global internet, GeoTrust probably provides a "managed PKI" service where they retain control of the intermediate so that it will only issue certs for Google-controlled domains.

      In such a situation, GeoTrust could be compelled to issue certs using Google's intermediate CA without Google's knowledge.

      Alternatively, if Google maintained control of the intermediate, the NSA would need to compel Google to generate certs for them from their own intermediate. However, if the NSA went to GeoTrust and demanded that they generate an intermediate CA with all the same details (CN, O, OU, etc.) as the Google one, the NSA could generate certs for Google without Google knowing.

    6. Re:More lip service by ObsessiveMathsFreak · · Score: 2

      If your browser is presented with a genuine signed Google.com certificate, issued by Honest Achmed's Trusty Certificates of Tehran Iran, then why shouldn't your browser just trust this certificate from a trusted CA?

      Because if you don't accept, your browser will emit a shrill piercing wail, loudly declaiming your obscene and heretical attempts to use a secure connection which has not been certified. A yellow clad official -- likely of Arstotzkan origin -- will appear to lend an air of official disapproval to the disgraceful suggestion that you should prefer encryption, any encryption, over plain text without authentication.

      So, you must Accept Our Glorious CA Validated HTTPS Protocols or else revert to wide open plain text. Cause no trouble.

      P.S.

      I personally believe that Firefox's self signed policies were the result of NSA lobbying/influence at Mozilla. The secure web was set back a decade by this decision, and the fallout has rendered the entire CA and hence https infrastructure all but useless.

      --
      May the Maths Be with you!
    7. Re: More lip service by AmiMoJo · · Score: 2

      Moreover, Google have positioned themselves so that even if there was a secret court order to provide a certificate to the NSA it would be immediately obvious what had happened. Chrome pins Google certificates, so if they change the user will be notified immediately. The court could order Chrome to have the new cert pinned as well, but of course it wouldn't affect older versions released prior to the order.

      Google does seem to be genuinely trying to resist, even if ultimately it may be futile. At least they made that much harder.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
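
The two scenarios in the comments above, a compelled root minting a look-alike intermediate (heypete) and key pinning catching the swap (AmiMoJo), as an added example that is not part of the thread and not Google's or Chrome's code. All names (Example Root CA, Example Managed Intermediate, mail.example.com) are made up; the pin set is assumed to hold only the SPKI hash of the site's genuine intermediate, and everything is generated in-process so it runs offline.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/base64"
	"fmt"
	"math/big"
	"time"
)

type certKey struct {
	cert *x509.Certificate
	key  *ecdsa.PrivateKey
}

// issue signs a certificate for name with a fresh P-256 key; parent == nil means a self-signed root.
func issue(name string, serial int64, isCA bool, parent *certKey) *certKey {
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(serial),
		Subject:               pkix.Name{CommonName: name, Organization: []string{"Example Org"}},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature,
		IsCA:                  isCA,
		BasicConstraintsValid: true,
	}
	if isCA {
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	} else {
		tmpl.DNSNames = []string{name}
		tmpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
	}
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	parentCert, signer := tmpl, key
	if parent != nil {
		parentCert, signer = parent.cert, parent.key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parentCert, &key.PublicKey, signer)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return &certKey{cert: cert, key: key}
}

// spkiPin is base64(SHA-256(SubjectPublicKeyInfo)), the form public key pins are expressed in.
func spkiPin(c *x509.Certificate) string {
	sum := sha256.Sum256(c.RawSubjectPublicKeyInfo)
	return base64.StdEncoding.EncodeToString(sum[:])
}

// Check does ordinary browser-style path validation to the root, then applies the pin set
// to the chain that validation actually built.
func Check(leaf, intermediate *x509.Certificate, roots *x509.CertPool, host string, pins map[string]bool) (valid, pinOK bool) {
	inter := x509.NewCertPool()
	inter.AddCert(intermediate)
	chains, err := leaf.Verify(x509.VerifyOptions{DNSName: host, Roots: roots, Intermediates: inter})
	if err != nil {
		return false, false
	}
	for _, c := range chains[0] {
		if pins[spkiPin(c)] {
			return true, true
		}
	}
	return true, false
}

type Outcome struct{ GenuineValid, GenuinePinned, RogueValid, RoguePinned bool }

func Scenario() Outcome {
	const host = "mail.example.com" // hypothetical host
	root := issue("Example Root CA", 1, true, nil)
	genuine := issue("Example Managed Intermediate", 2, true, root)
	// Same subject, same issuer, different key: what a compelled root can mint without the site knowing.
	rogue := issue("Example Managed Intermediate", 3, true, root)
	genuineLeaf := issue(host, 10, false, genuine)
	rogueLeaf := issue(host, 11, false, rogue)

	roots := x509.NewCertPool()
	roots.AddCert(root.cert)
	pins := map[string]bool{spkiPin(genuine.cert): true} // assumed pin set: the site's own intermediate key

	var o Outcome
	o.GenuineValid, o.GenuinePinned = Check(genuineLeaf.cert, genuine.cert, roots, host, pins)
	o.RogueValid, o.RoguePinned = Check(rogueLeaf.cert, rogue.cert, roots, host, pins)
	return o
}

func main() {
	o := Scenario()
	fmt.Printf("genuine chain: path validation=%v pin=%v\n", o.GenuineValid, o.GenuinePinned)
	fmt.Printf("rogue chain:   path validation=%v pin=%v\n", o.RogueValid, o.RoguePinned)
}
```

The point the output makes: path validation alone accepts the rogue chain, because the root it chains to is trusted and the subject names match; only the pin, which is a hash of the key rather than of the name, rejects it. The caveat from the thread still applies: a pin shipped in the client can be updated by the client's vendor, so pinning raises the cost of a silent substitution rather than making it impossible.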
    8. Re: More lip service by AlphaWolf_HK · · Score: 2

      If the cryptography used is strong enough it would be. Even though RSA rigged one of their implementations, the math behind it is still solid and can be used without the NSA breaking it. If that really bothers you still, you could always go with elliptic curve. The bonus of EC is that its smaller keys are as good as longer RSA keys, so no need for crazy 4096 bit pads.

      --
      Careful with names containing L slashdot.org/~AiphaWolf_HK slashdot.org/~AlphaWoif_HK slashdot.org/~AiphaWoif_HK
  2. Uh the NSA post it says different by goombah99 · · Score: 5, Informative

    Does Google not recall the NSA Post-it note showing that they intercept the post-SSL server to server communications within the Googlesphere? NSA doesn't care about HTTPS to google as long as that back channel is still there.

    --
    Some drink at the fountain of knowledge. Others just gargle.
    1. Re:Uh the NSA post it says different by goombah99 · · Score: 4, Informative
      --
      Some drink at the fountain of knowledge. Others just gargle.
    2. Re:Uh the NSA post it says different by QuasiSteve · · Score: 3, Informative

      Isn't that in part what this..

      The change is a significant one, especially given the fact that Google also has encrypted all of the links between its data centers.

      ..is supposed to refer to?

      Of course if they're just going to pretend to be Google and fool browsers into thinking they're talking to Google and decrypt/re-encrypt at that point, there's not much Google can do about it anyway.

    3. Re:Uh the NSA post it says different by Anonymous Coward · · Score: 3, Insightful

      Google was only furious because the NSA was accessing the data without paying.

    4. Re:Uh the NSA post it says different by DickBreath · · Score: 4, Funny

      > Google was only furious because the NSA was accessing the data without paying.

      Wrong. Google was only furious because the NSA was accessing the data without seeing ads.

      --

      I'll see your senator, and I'll raise you two judges.
    5. Re:Uh the NSA post it says different by swillden · · Score: 2

      Here's a link:

      http://www.gizmodo.com.au/2013...

      That document is what motivated Google to encrypt all links between data centers, specifically to stop that.

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
    6. Re:Uh the NSA post it says different by bill_mcgonigle · · Score: 2

      Walk in with a couple of FISA warrants and a few guys in dark suits .. and guess what? There's still not a fucking thing Google can do to stop them.

      If I were Google and seriously concerned about this, I'd encrypt the data in a chaining mode and keep half(+-) of the bits in different data centers in different jurisdictions.

      Yeah, the bandwidth issue is real. But the best a gang could do is seize some drives with nothing useful on them. They'd be better off attacking the suspect's machine, and then at that point it's no longer Google's secret problem.

      --
      My God, it's Full of Source!
      OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
    7. Re:Uh the NSA post it says different by swillden · · Score: 2

      Unless google invented practical homomorphic algorithms, It's still decrypted somewhere. Just a different post it note.

      Obviously it's decrypted, but only inside data centers... and maybe only inside servers. In either case it's still ultimately accessible, but we're talking about different classes of spying problems: tapping a fiber running hundreds of miles across open country vs tapping a switched network inside an access-controlled building vs extracting data from a running machine.

      Granted that it wouldn't be too hard for an organization like the NSA to obtain surreptitious access to a Google data center, but the logistical scale of the problem multiplies enormously when you have to somehow tap every one of hundreds of switches or tens of thousands of machines. And the odds of getting noticed increase non-linearly with scale.

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
  3. What version? Also, Google Talk is pretty dead. by twocows · · Score: 2

    Are they using SSL, or are they using TLS? Which version of either are they using? Most modern browsers support TLS 1.1 and 1.2, but I can imagine Google falling back to 1.0 or even SSL for compatibility with fossils.

    As much as I personally love Google Talk, it's about as dead as you can get. Most links have been redirected to Hangouts, and those that aren't, you have to access manually. If anyone cares, here's the only working link that I'm aware of for Google Talk: http://www.google.com/talk/ind...

    1. Re:What version? Also, Google Talk is pretty dead. by Baloroth · · Score: 2

      I just checked, TLS 1.2 when supported, but they will fall back to 1.0 if the browser doesn't support newer 1.1/1.2. Didn't see if they'll fall back to SSL or not (or if it falls back to 1.1 at all).

      --
      "None can love freedom heartily, but good men; the rest love not freedom, but license." --John Milton
  4. Pheww! by Anonymous Coward · · Score: 3, Informative

    What a relief. Now the only people that can get my data are government agencies that ask for it and advertisers that pay for it.

  5. Re:Doesn't matter by Agent+ME · · Score: 4, Interesting

    If perfect forward secrecy is used in the connections (which most HTTPS sites seem to do last I checked), then knowing the private keys doesn't even help them decrypt a connection, *unless* they're actively man-in-the-middling the connection from the start (which I'm sure they do often against interesting people, but probably not anywhere near 100% of everything).

  6. Re:NSA claims Google and others are lying by poetmatt · · Score: 4, Informative

    Please. This was debunked already. http://www.techdirt.com/articl...

  7. Re:Doesn't matter by vux984 · · Score: 4, Informative

    Unless Google is just handing them everything anyway via Prism, or whatever other programs are in place.

    This is like installing bars over the windows to keep the govt out, knowing full well you already gave them the keys to the front door.

  8. Pot, Kettle, Pokadot by Marxist+Hacker+42 · · Score: 4, Insightful

    Isn't this a bit like the company that mines your data for profit is complaining about the government that mines your data for power?

    --
    SJW: a person who perceives an injustice, and while correcting it, commits a greater injustice.
    1. Re:Pot, Kettle, Pokadot by bill_mcgonigle · · Score: 4, Insightful

      Isn't this a bit like the company that mines your data for profit is complaining about the government that mines your data for power?

      If showing you ads is like targeting you for a Hellfire drone missile strike, then sure. To me that fails the moral equivalence test.

      --
      My God, it's Full of Source!
      OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
  9. Weak SMTP SSL by Anonymous Coward · · Score: 5, Insightful

    Sure they use SSL on their SMTP servers, but when testing it using checktls.com I see that they use RC4-SHA, not a Perfect Forward Secrecy algorithm like Yahoo is now using (DHE-RSA-CAMELLIA256-SHA). If NSA were to get a copy of Google's private key, they could decrypt all of the traffic. So to me, no PFS is the same as no SSL.
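
Why the cipher suite choice in the comment above matters, and why Agent+ME's earlier point about forward secrecy holds, as an added example that is not part of the thread and is not a real TLS implementation. It models the two key exchanges with a single long-term RSA key: an RSA key-exchange suite (what OpenSSL calls RC4-SHA, i.e. TLS_RSA_WITH_RC4_128_SHA) where the client encrypts the premaster secret to the server's certificate key, and an ECDHE suite where the long-term key only signs a one-time X25519 share. The "transcript" is a constructed stand-in for what a passive tap records; the session key derivation is a plain SHA-256 stand-in for the TLS key schedule.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Transcript is what a passive wiretap records from one handshake; only the fields the
// key exchange in question sends on the wire are populated.
type Transcript struct {
	EncryptedPremaster []byte // TLS_RSA_*: premaster secret encrypted to the server's long-term key
	ServerEphemeral    []byte // *_ECDHE_*: server's one-time X25519 public key
	ClientEphemeral    []byte // *_ECDHE_*: client's one-time X25519 public key
	Signature          []byte // *_ECDHE_*: long-term RSA signature over ServerEphemeral
}

func sessionKeyFrom(secret []byte) []byte {
	k := sha256.Sum256(secret) // stand-in for the TLS key schedule
	return k[:]
}

// rsaKeyExchange models an RSA key-exchange suite: the client picks the premaster secret
// and the only thing protecting it on the wire is the server's long-term RSA key.
func rsaKeyExchange(serverPub *rsa.PublicKey) ([]byte, Transcript) {
	premaster := make([]byte, 48)
	if _, err := rand.Read(premaster); err != nil {
		panic(err)
	}
	enc, err := rsa.EncryptPKCS1v15(rand.Reader, serverPub, premaster)
	if err != nil {
		panic(err)
	}
	return sessionKeyFrom(premaster), Transcript{EncryptedPremaster: enc}
}

// ecdheKeyExchange models an ECDHE_RSA suite: fresh X25519 keys on both sides, the long-term
// key only signs the server's share. The ephemeral private keys never leave this function.
func ecdheKeyExchange(serverLongTerm *rsa.PrivateKey) ([]byte, Transcript) {
	curve := ecdh.X25519()
	serverEph, err := curve.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	clientEph, err := curve.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	digest := sha256.Sum256(serverEph.PublicKey().Bytes())
	sig, err := rsa.SignPKCS1v15(rand.Reader, serverLongTerm, crypto.SHA256, digest[:])
	if err != nil {
		panic(err)
	}
	clientShared, err := clientEph.ECDH(serverEph.PublicKey())
	if err != nil {
		panic(err)
	}
	serverShared, err := serverEph.ECDH(clientEph.PublicKey())
	if err != nil || !bytes.Equal(clientShared, serverShared) {
		panic("ECDH shares disagree")
	}
	return sessionKeyFrom(clientShared), Transcript{
		ServerEphemeral: serverEph.PublicKey().Bytes(),
		ClientEphemeral: clientEph.PublicKey().Bytes(),
		Signature:       sig,
	}
}

// RecoverWithServerKey plays the attacker who recorded the transcript and later obtained the
// server's long-term private key. It returns the session key and true when that suffices.
func RecoverWithServerKey(serverKey *rsa.PrivateKey, t Transcript) ([]byte, bool) {
	if t.EncryptedPremaster != nil {
		premaster, err := rsa.DecryptPKCS1v15(rand.Reader, serverKey, t.EncryptedPremaster)
		if err != nil {
			return nil, false
		}
		return sessionKeyFrom(premaster), true
	}
	// ECDHE: the long-term key only lets the attacker re-check the signature. The shared secret
	// came from ephemeral private keys that are in neither the transcript nor the key file.
	digest := sha256.Sum256(t.ServerEphemeral)
	_ = rsa.VerifyPKCS1v15(&serverKey.PublicKey, crypto.SHA256, digest[:], t.Signature)
	return nil, false
}

type Result struct{ RSASessionRecovered, ECDHESessionRecovered bool }

// Demo runs both exchanges against the same long-term key, then hands that key to the attacker.
func Demo() Result {
	serverKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	rsaKey, rsaT := rsaKeyExchange(&serverKey.PublicKey)
	ecKey, ecT := ecdheKeyExchange(serverKey)

	var r Result
	got, ok := RecoverWithServerKey(serverKey, rsaT)
	r.RSASessionRecovered = ok && bytes.Equal(got, rsaKey)
	got, ok = RecoverWithServerKey(serverKey, ecT)
	r.ECDHESessionRecovered = ok && bytes.Equal(got, ecKey)
	return r
}

func main() {
	r := Demo()
	fmt.Printf("RSA key exchange: session recovered from server key = %v\n", r.RSASessionRecovered)
	fmt.Printf("ECDHE:            session recovered from server key = %v\n", r.ECDHESessionRecovered)
}
```

The split between the two results is the whole argument for forward secrecy: with an RSA key-exchange suite, one leaked or compelled private key retroactively opens every recorded session, while with ECDHE the same key only ever authenticated the handshake and the attacker is left with public values. The comment's remaining caveat stands, though: an active man-in-the-middle who holds the signing key can still impersonate the server in new sessions, which is what pinning and key transparency mechanisms are for.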

  10. Re:NSA claims Google and others are lying by fustakrakich · · Score: 3

    And exactly why should we believe the companies' denials? Why should we believe they have any concern at all about any of this, aside from the possible bad PR?

    --
    “He’s not deformed, he’s just drunk!”
  11. Uhmm by nashv · · Score: 4, Insightful

    I don't know if you've been keeping up. But people fully EXPECT the NSA to be up to nasty secret snooping habits. That is actually the minor part of the story that caused the outrage. The more dangerous fact is that the NSA can demand companies or individuals turn over data to them and impose a gag order, thus forcing them to keep it secret.

    So AC is right in this case. Just more lip service. Encryption on your own servers is the only way to remain relatively protected.

    --
    Entia non sunt multiplicanda praeter necessitatem.
  12. Encryption is not the answer by rudy_wayne · · Score: 5, Insightful

    Ultimately, encryption is meaningless. If the NSA (or any other governmental agency) wants something, they will get it.

    Even if you invent some super-duper-impossible-to-crack encryption, they will simply go to a secret court (that is accountable to no one) and get a secret order, that you must comply with and that you aren't allowed to talk about under penalty of going to prison, on the grounds of NATIONAL SECURITY.

    Until *THAT* problem is addressed, encryption is meaningless.

  13. About XMPP Security by qpqp · · Score: 4, Informative

    effectively forcing XMPP server admins to lower their security if they want to federate with Google

    Just for the Google server, if you use a proper XMPP server (like Prosody, for example).

    Beware that many servers on the XMPP network use self-signed or invalid certificates, or even don't support TLS at all (such as gmail.com and all Google-hosted domains). It is possible to make exceptions like this:

    -- These hosts are allowed to authenticate via weaker mechanisms, such as dialback:
    s2s_insecure_domains = { "gmail.com" }

    [Server-to-server XMPP]

    XMPP server operators are pushing for a wholly encrypted XMPP network with several test-days, where they'll be flipping the switch to allow only encrypted communication, and the final switch to disallow unencrypted communication on May 19, 2014.
    It's going to include SSLv3, unfortunately, but we'll get there.

  14. Re:Doesn't matter by glenebob · · Score: 5, Informative

    Somebody mod this up. This is dead right.

    Google can encrypt the data all they want, right down to encrypting it when it arrives, and leaving it encrypted for its lifetime on their servers, but the NSA can just say "gimme the data AND the keys to unlock it". The keys are just data, and obviously Google has access to them, therefore so does the NSA.

  15. Re:Encrypting Data at Motion, not Data at Rest by blueg3 · · Score: 2

    Encrypting data at rest doesn't get you much. Anyone who gets access to the backend gets access to the cryptographic keys used to read the data at rest.

    This is the case whenever the attacker has access to the cryptographic endpoint. The fact is, as long as Google is one of the cryptographic endpoints, if you have access to Google's data, you have access to it regardless of whether you pretend to encrypt it. The only way you can significantly change that is to make yourself (that is, the person sending and the person receiving the e-mail) the cryptographic endpoint, so that Google only ever sees ciphertext.

    But that's not very convenient.
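
The arrangement blueg3 describes, sender and recipient as the only cryptographic endpoints so the provider stores and relays nothing but ciphertext, as an added example that is not part of the thread and not the code of any mail provider or client. It uses X25519 plus AES-256-GCM with a SHA-256 key derivation; the message body and the search term are constructed for the demo, and the key derivation label "e2e-mail-demo-v1" is a made-up domain-separation string.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Envelope is everything the provider ever sees for one message. Nothing in it is
// readable, searchable or profilable without the recipient's private key.
type Envelope struct {
	SenderEphemeral []byte // fresh X25519 public key per message
	Nonce           []byte
	Ciphertext      []byte // AES-256-GCM over the body, bound to SenderEphemeral
}

// deriveKey turns the raw ECDH output into a 32-byte AES key (assumed derivation, not a standard).
func deriveKey(shared, ephPub, recipientPub []byte) []byte {
	h := sha256.New()
	h.Write([]byte("e2e-mail-demo-v1"))
	h.Write(shared)
	h.Write(ephPub)
	h.Write(recipientPub)
	return h.Sum(nil)
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Encrypt runs on the sender's machine and needs only the recipient's public key.
func Encrypt(recipient *ecdh.PublicKey, body []byte) (Envelope, error) {
	eph, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return Envelope{}, err
	}
	shared, err := eph.ECDH(recipient)
	if err != nil {
		return Envelope{}, err
	}
	ephPub := eph.PublicKey().Bytes()
	gcm, err := newGCM(deriveKey(shared, ephPub, recipient.Bytes()))
	if err != nil {
		return Envelope{}, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return Envelope{}, err
	}
	ct := gcm.Seal(nil, nonce, body, ephPub)
	return Envelope{SenderEphemeral: ephPub, Nonce: nonce, Ciphertext: ct}, nil
}

// Decrypt runs on the recipient's machine; any modification of the envelope fails the GCM tag.
func Decrypt(recipient *ecdh.PrivateKey, env Envelope) ([]byte, error) {
	ephPub, err := ecdh.X25519().NewPublicKey(env.SenderEphemeral)
	if err != nil {
		return nil, err
	}
	shared, err := recipient.ECDH(ephPub)
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(deriveKey(shared, env.SenderEphemeral, recipient.PublicKey().Bytes()))
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, env.Nonce, env.Ciphertext, env.SenderEphemeral)
}

// ProviderCanFind is all the provider (or whoever compels it) can do with the stored message:
// look for bytes in the ciphertext, which carries no information about the body.
func ProviderCanFind(env Envelope, term []byte) bool {
	return bytes.Contains(env.Ciphertext, term)
}

type Outcome struct{ RecipientReads, ProviderFindsTerm, TamperDetected bool }

func Demo() Outcome {
	recipient, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	body := []byte("meeting moved to thursday, bring the budget") // constructed message
	env, err := Encrypt(recipient.PublicKey(), body)
	if err != nil {
		panic(err)
	}
	pt, err := Decrypt(recipient, env)
	var o Outcome
	o.RecipientReads = err == nil && bytes.Equal(pt, body)
	o.ProviderFindsTerm = ProviderCanFind(env, []byte("budget"))
	tampered := env
	tampered.Ciphertext = append([]byte(nil), env.Ciphertext...)
	tampered.Ciphertext[0] ^= 1
	_, err = Decrypt(recipient, tampered)
	o.TamperDetected = err != nil
	return o
}

func main() {
	o := Demo()
	fmt.Printf("recipient reads=%v provider finds term=%v tamper detected=%v\n",
		o.RecipientReads, o.ProviderFindsTerm, o.TamperDetected)
}
```

This is where the inconvenience the comment mentions comes from: once the provider only has ciphertext, server-side search, spam filtering and webmail rendering all have to move to the client, and key distribution (how the sender learns the recipient's real public key) becomes the problem the provider can no longer solve for you.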

  16. Messages Are Not Encrypted by Bob9113 · · Score: 5, Insightful

    Gmail messages are encrypted from the time they leave a user's machine to the time they leave Google's infrastructure.

    Horseshit. The message is not encrypted. It is cleartext travelling over encrypted channels. It is on their machines in the clear, which enables them to do things for you, like search and filter, and against you, like profiling you and anyone who sends you email.

  17. It's not just the warrants. by Ungrounded+Lightning · · Score: 5, Interesting

    ... people fully EXPECT the NSA to be up to nasty secret snooping habits. That is actually the minor part of the story that caused the outrage. The more dangerous fact is that the NSA can demand companies or individuals turn over data to them and impose a gag order, thus forcing them to keep it secret.

    I agree that the latter IS a big problem. But I don't agree that it's the ONLY problem, or the only BIG one.

    National Security Letters are still relatively narrow compared to what the NSA did. They also tapped the fibers Google and others used to communicate with each other, and used these taps to snoop everything that went across them, without Google's knowledge.

    I encountered a Google engineer with job responsibilities related to that at a conference last year, and he was LIVID. They'd tapped fibers OWNED BY GOOGLE - trespassing and damaging them (along with Google's credibility) in the process - with no letters, warrants, wink-wink-nudge-nudge, or what-have-you. Google has since been installing encryption throughout its network - not just where it leaves the building, but even from rack to rack.

    Maybe they're still stuck disclosing SOME stuff. But at least they're trying to know what it is, do their best to minimize it (and protect their model), and avoid inadvertently firehosing EVERYTHING into the maw of the NSA.

    --
    Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
  18. Re:NSA claims Google and others are lying by kqs · · Score: 2

    Good point. You're very wise to believe the NSA, and to ignore all of the "stories" about Google encrypting everything, and suing the government, and trying to limit search warrants. After all, it would be crazy, completely crazy to think that the NSA would try and cast blame on the very companies that tried to stop them. Why, the fact that the NSA tapped Google's dark fiber between datacenters proves that Google is lying and was giving everything to the NSA!

    Another possibility is that the NSA is lying and that a bunch of gullible morons are attacking the very companies which (while not perfect) are trying to protect your data from the government.

  19. Re:Doesn't matter by swillden · · Score: 4, Insightful

    Somebody mod this up. This is dead right.

    Google can encrypt the data all they want, right down to encrypting it when it arrives, and leaving it encrypted for its lifetime on their servers, but the NSA can just say "gimme the data AND the keys to unlock it". The keys are just data, and obviously Google has access to them, therefore so does the NSA.

    More precisely, the NSA would just say "gimme the decrypted data". But it's simply wrong to say that's not an important difference.

    If the NSA can snoop all connections they can scoop up terabytes of data and figure out later what's interesting and no one is the wiser. If they have to ask Google, they have to make the request specific and they have to provide justification that will satisfy some set of legally-defined standards -- and Google will then add the request to the published transparency statistics so legislators and voters can see how much is being done and decide if it's excessive.

    There's a huge difference there.

    Oh, and I can't think of any case in which the government could legally demand the keys.

    --
    Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
  20. Re:Doesn't matter by swillden · · Score: 3, Informative

    You really need to read the whole Lavabit story. Basically, the government was able to convince the court that the combination of Lavabit's security architecture and the company's early stonewalling demonstrated that the only way to be sure they got all of the data the court had ordered Lavabit to hand over was to require the keys. Had Lavabit complied initially and just handed over the requested data the question of keys would never have come up.

    That may seem like a subtle distinction, but it's not. The court never said that the government has a general right to demand keys, it just said that in that particular case there were factors which meant that merely asking for the data was not going to work, and that, therefore, the government could demand the key.

    In Google's case, if the government asks -- through correct legal channels and with an appropriately-specific request -- for your e-mail, Google can and will simply comply with the request, which means that the government has no need to get keys. The only reason the government would ask for keys is in order to obtain the ability to do mass surveillance which cannot be justified Constitutionally -- and Google has the legal and technical resources to make that argument and to appeal it to the highest level.

    --
    Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.