Ask Slashdot: Has Gmail's SSL Certificate Changed, How Would We Know? 233
An anonymous reader writes "Recent reports from around the net suggest that SSL certificate chain for gmail has either changed this week, or has been widely compromised. Even less-than-obvious places to look for information, such as Google's Online Security Blog, are silent. The problem isn't specific to gmail, of course, which leads me to ask: What is the canonically-accepted out-of-band means by which a new SSL certificate's fingerprint may be communicated and/or verified by end users?"
I can still read... (Score:3, Funny)
I can still read your email. It hasn't changed.
Comment removed (Score:5, Funny)
Re:Revocation --- or Redundancy? (Score:3, Funny)
And for more security, we can do *THREE* certificates. Count them! *THREE* for additional security.
Super secure sites like banks can do *FOUR* certificates. If any one of the *FOUR* certificates break, then we know we're attacked! Even more secure if those *FOUR* certificates come through 4 different ways...
Are you really suggesting that?! Do you even know how PKI works?
Fuck it...we're doing *FIVE* [theonion.com].
Re:Revocation --- or Redundancy? (Score:4, Funny)