This is a really good point. I think Google is in a good position to improve the situation with Gmail. They’ve already started pushing for SMTP servers to use TLS. If they library-ize the cert validation from Chrome, other email servers could use it without having to reinvent that wheel. It could be the next step in their anti-spam process.
That would be good to come full circle… since the first of these CA cert constraints were motivated by the DigiNotar compromise, which was exposed upon MitM’ing Gmail, via Google’s pinning of their own certificates in Chrome.