Stephen Gran on 9 Nov 2007 00:46:23 -0000


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] New gmail fingerprint?


On Thu, Nov 08, 2007 at 07:35:09PM -0500, John Lavin said:
> Hello All-
> 
> I don't know if I'm the only one that started getting crontab error
> notifications from my fetchmail to my gmail account.  I use a POP over
> ssl connection, and this has been working just fine since about March
> when I set it up originally.  After troubleshooting, and running
> manual connections, everything seemed fine, except I noticed the
> fingerprint I had defined in my fetchmailrc was different than the one
> now coming back.
> 
> Old: 59:51:61:89:CD:DD:B2:35:94:BB:44:97:A0:39:D5:B4
> 
> New: 44:A8:E9:2C:FB:A9:7E:6D:F9:DB:F3:62:B2:9E:F1:A9
> 
> Anyone else notice this?  Should I be concerned about this?

They've apparently made some fairly big changes to their network, as
they're suddenly offering IMAP (US customers only, currently, although
easy to fool if you set your preferences to US english long enough to
enable IMAP) so I wouldn't be surprised if they shuffeled servers at
the same time.

I'm not sure, in the general sense, that's it's useful to rely on a
single server fingerprint for a big farm like google.  It's probably
more useful to look at what CA signs the server fingerprints and decide
whether or not you trust that.  They will likely move servers out from
under you in the future, creating more needless make work.  And the
point of the SSL validation is to decide that this is google, keeper of
all your mail and indexer of all your information^Wporn^W^W^W^W^W^W^W^W^W^W^W 
really good thing I swear, after all, not that this is some random 
machine that has a given fingerprint.
-- 
 --------------------------------------------------------------------------
|  Stephen Gran                  | "Debian: no hats or reptiles were       |
|  steve@lobefin.net             | harmed in the making of this            |
|  http://www.lobefin.net/~steve | distribution= ."   -- Paul Slootman     |
 --------------------------------------------------------------------------

Attachment: signature.asc
Description: Digital signature

___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug