nanog mailing list archives

Re: Gmail and SSL

From: Damian Menscher <damian () google com>
Date: Wed, 2 Jan 2013 21:14:31 -0800

On Wed, Jan 2, 2013 at 8:52 PM, <Valdis.Kletnieks () vt edu> wrote:

On Wed, 02 Jan 2013 19:59:35 -0800, Damian Menscher said:

Aurora compromised at least 20 other companies, failed at its assumed
objective of seeing user data, and Google was the only organization to
notice, let alone have the guts to expose the attack [0].  And you're

going

to hold that against them?


I didn't say that.  What I *said* was "one should *expect* a nation-state
adversary to go after your mail hosting company via multiple avenues of
attack,
because it's already been tried before".  Google is indeed one of the
better
actors.  But if you're a target, maybe it's time to reconsider whether the
phrase "hosting company" should be included in your environment *at all*.


Thanks for clarifying.

We're off-topic, but that decision needs to be weighed against the
alternatives.  If your alternative is running your own mailserver at home,
then your risks are:
  - They can come into your home and walk off with your machines.  Even if
your hard drives are encrypted, your backups might not be... or maybe you
don't have backups?
  - If you browse from the server they can get you with a trojan impacting
Flash or Java.
  - Even if you don't browse from your mailserver they can try to
compromise it remotely if it's not fully patched.  How good are you at
keeping your system patched.  Does it fall a day or two behind when you're
on vacation?
  - Speaking of vacation, how do you authenticate to your system?  Does it
support 2-factor?  Or maybe you don't think you need 2-factor because you
have an SSL cert.  Did you self-sign it and tell your browser to ignore all
other CAs (to approximate Chrome's certificate pinning)?
  - How does your email arrive/leave?  They could be tapping your line...
or they could just DoS you off the net.
If you really think you can get all of that right, all the time, then I
wish you the best of luck.  But remembering that most targets are not
cypherpunks, telling them to do it themselves is incredibly bad advice.

Back on topic: encryption without knowing who you're talking to is worse
than useless (hence no self-signed certs which provide a false sense of
security), and there are usability difficulties with exposing strong
security to the average user (asking users to generate and upload a
self-signed cert would be a customer-support disaster, not to mention all
the outages that would occur when those certs expired).  Real-world
security is all about finding a reasonable balance and adapting to the
current threats.

Damian

Current thread:

Re: Gmail and SSL, (continued)
- - - Re: Gmail and SSL Matthew Palmer (Jan 02)
    - Re: Gmail and SSL Masataka Ohta (Jan 02)
    - Re: Gmail and SSL George Herbert (Jan 02)
    - Re: Gmail and SSL William Herrin (Jan 02)
    - Re: Gmail and SSL Gary E. Miller (Jan 02)
    - Re: Gmail and SSL Valdis . Kletnieks (Jan 02)
    - Re: Gmail and SSL George Herbert (Jan 02)
    - Re: Gmail and SSL Jeff Kell (Jan 02)
    - Re: Gmail and SSL Damian Menscher (Jan 02)
    - Re: Gmail and SSL Valdis . Kletnieks (Jan 02)
    - Re: Gmail and SSL Damian Menscher (Jan 02)
    - Re: Gmail and SSL Valdis . Kletnieks (Jan 02)
    - Re: Gmail and SSL Michael Thomas (Jan 03)
    - Re: Gmail and SSL Maxim Khitrov (Jan 03)
    - Re: Gmail and SSL Jimmy Hess (Jan 03)
    - Re: Gmail and SSL Peter Kristolaitis (Jan 03)
    - Re: Gmail and SSL Jay Ashworth (Jan 04)
    - Re: Gmail and SSL Matthias Leisi (Jan 03)
    - Re: Gmail and SSL Steven Bellovin (Jan 03)
    - Re: Gmail and SSL Kyle Creyts (Jan 03)
    - Re: Gmail and SSL Christopher Morrow (Jan 02)

(Thread continues...)