a question on the web: “has gmail’s SSL certificate changed, how would we know?” – and its funny answer: “… they own your computer and will take care of it for you”

• http://it.slashdot.org/story/13/09/26/2250227/ask-slashdot-has-gmails-ssl-certificate-changed-how-would-we-know
• https://github.com/JochenHayek/misc/blob/master/fetchmail–extract_fingerprints.pl

Google can easily revoke certificates. They can even install what ever they want on my computer as a replacement for google chome with their automatic background updates. Don’t worry about it, they own your computer and will take care of it for you.

I came across this thread, when I searched for a way to deal with the occasional fingerprint changes – because fetchmail has no way of letting me know, I think.

My serious approach to dealing with SSL fingerprint change:

• I “ssh IMAP_SERVER tail -f …” my procmail LOGFILE anyway …
• and because that keeps stalling after a while …
• I have to keep restarting it manually
• and on the same command line I check for “fingerprints” in my fetchmail LOGFILE