On Sun, Dec 30, 2012 at 10:46 PM, John Levine <johnl@iecc.com> wrote:
So the only assurance a signed cert provides is that the person who got the cert has some authority over a name that points to the mail client
What other assurance are you looking for? The only point of a signed server certificate, the ONLY point, is to prevent a man-in-the-middle attack where someone who doesn't control the name decrypts the traffic from the server, reads it, and then re-encrypts it with his own self-signed key before sending it to you. If the signature accomplishes that goal, it has done 100% of what it's designed to do. In theory a signature can mean anything the signing authority defines it to mean. In practice, that also requires special handling from the users... behavior web browser users don't engage in. As for Google (and anyone else) it escapes me why you would require a signed certificate for any connection that you're willing to also permit completely unencrypted. Encryption stops nearly every purely passive packet capture attack, with or without a signed certificate. Even without a signed cert an encrypted data flow is much more secure than an unencrypted one. It's not an all-or-nothing deal. Encrypted with a signed or otherwise verified cert is more secure than merely encrypted which is more secure than unencrypted on a switched path which is more secure than unencrypted on a hub. None of these things is wholly insecure and none are 100% secure. Regards, Bill Herrin -- William D. Herrin ................ herrin@dirtside.com bill@herrin.us 3005 Crane Dr. ...................... Web: <http://bill.herrin.us/> Falls Church, VA 22042-3004