Slashdot Mirror

← Back to Stories (view on slashdot.org)

Google Let Root Certificate For Gmail Expire

Posted by Soulskill on from the happens-to-the-best-of-us dept.

Gr8Apes writes: The certificate for Google's intermediate certificate authority expired Saturday. The certificate was used to issue Gmail's certificate for SMTP, and the expiration at 11:55am EDT caused many e-mail clients to stop receiving Gmail messages. While the problem affected most Gmail users using PC and mobile mail clients, Web access to Gmail was unaffected. I guess Google Calendar failed to notify someone.

11 of 104 comments (clear)

  1. Re:Lol by Anonymous Coward · · Score: 5, Funny

    Yeah I only use Tinder for all my communication.

  2. Obligatory XKCD by avgjoe62 · · Score: 5, Funny

    This seems so prophetic now:

    Obligatory XKCD Link

    --

    How come Slashdot never gets Slashdotted?

    1. Re:Obligatory XKCD by snowgirl · · Score: 4, Interesting

      You've likely heard of Memegen, the internal Google meme forum?

      Yeah, that comic is a template, and regularly gets rolled out for random things that we were told to focus on... like "self-driving cars" or "nest" or "ionosphere skydiving VPs"

      --
      WARNING! This girl exceeds the MAXIMUM SAFE standards established by the FDA for BRATTINESS
    2. Re:Obligatory XKCD by X0563511 · · Score: 4, Funny

      Man, 8.8.4.4 never gets any love.

      --
      For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...
    3. Re:Obligatory XKCD by ralphsiegler · · Score: 4, Interesting

      That 8 stuff is for young-un's, we old timers love our 4.2.2.2 Originally BBN Planet 's DNS server in 1994, now owned by Level 3

  3. LOL ... by gstoddart · · Score: 5, Funny

    I am GRoot.

    --
    Lost at C:>. Found at C.
  4. Re:Lets encrypt by sycodon · · Score: 4, Interesting

    The internet has become one giant Rube Goldberg machine. Way too many parts and dependencies.

    No, I don't have an alternative, but that's not a requirement to point out that the web seems pretty fragile.

    --
    When Fascism comes to America, it will call itself Anti-Fascism, and tell you to give up your guns.
  5. Re:And the layman's translation is what again? by wonkey_monkey · · Score: 4, Funny

    As much as I like to take issue when a summary truly is unenlightening and makes unreasonable expectations of readers, I don't think this is such a case. Slashdot isn't a general news site, and does have a specific target readership, the vast majority of which are going to know what a certificate is and what SMTP is.

    And anyway, whose mother? Some mothers would need the meaning of "ISP" spelled out for them over several sentences. Some mothers don't have even a vague grasp of what the internet is. Where do you draw the line?

    At least it wouldn't be over the head of this mom.

    * How does this [-] a normal user?
    * What can they [-] or not do now?
    * What do they have [-] watch out for?

    Blimey, if you want to talk about clarity...

    --
    systemd is Roko's Basilisk.
  6. Just clients? by multi+io · · Score: 4, Informative

    The certificate was used to issue Gmail's certificate for SMTP, and the expiration at 11:55am EDT caused many e-mail clients to stop receiving Gmail messages

    If the certificate was "for SMTP", the problem would have affected not just end users, but also peers, i.e. other e-mail providers who wanted to deliver mail to @gmail.com addresses. Or at least they may have automatically fallen back to unencrypted SMTP delivery (which was pretty much the default before Snowden, but anyway).

  7. title wrong by fugas · · Score: 5, Informative

    "Google Internet Authority G2" is NOT a root certificate (subject != issuer).

  8. Re:Why is it good that certificates expire? by Anonymous Coward · · Score: 4, Informative

    From IBM:

    Question
    FAQ: Why do certificates have an expiration date? (SCI97674)
    Answer
    Digital certificates are breakable and are only considered to be secure for a limited period of time.? As of 2006, a? certificate based on? the standard? 1024 bit encryption string is only considered to be secure for 1-2 years and so certificates should expire and be replaced after no more than 2 years. Note