TLS client certificate email

User avatar
32wildbilly
Never gonna run around and desert you
Posts: 5758
Joined: Sat Jan 06, 2018 2:46 pm
Location: Kneebraska

TLS client certificate email

Post by 32wildbilly » Thu Aug 01, 2019 4:59 pm

Is that a good thing?(gmail)
Never gonna make you cry...

User avatar
gnat
Power-drunk moderator
Posts: 4171
Joined: Sat Jan 06, 2018 6:54 am
Location: Lobby, VWGofA HQ

Re: TLS client certificate email

Post by gnat » Thu Aug 01, 2019 5:18 pm

Image

User avatar
32wildbilly
Never gonna run around and desert you
Posts: 5758
Joined: Sat Jan 06, 2018 2:46 pm
Location: Kneebraska

Re: TLS client certificate email

Post by 32wildbilly » Thu Aug 01, 2019 5:40 pm

gnat wrote: Thu Aug 01, 2019 5:18 pm Image
Huh? or Hell No!
Traditionally, TLS Client Authentication has been considered the alternative to bearer tokens (passwords and cookies) for web authentication. In TLS Client Authentication, the client (browser) uses a certificate to authenticate itself during the TLS handshake.
Transport Layer Security (TLS) is the successor protocol to SSL. TLS is an improved version of SSL. It works in much the same way as the SSL, using encryption to protect the transfer of data and information. ... When you buy an 'SSL' certificate from Symantec, you can of course use it with both SSL and TLS protocols.
Never gonna make you cry...

User avatar
gnat
Power-drunk moderator
Posts: 4171
Joined: Sat Jan 06, 2018 6:54 am
Location: Lobby, VWGofA HQ

Re: TLS client certificate email

Post by gnat » Thu Aug 01, 2019 6:08 pm

Yeah I know what TLS/SSL certs are. I don't know what you are trying to ask though.

User avatar
32wildbilly
Never gonna run around and desert you
Posts: 5758
Joined: Sat Jan 06, 2018 2:46 pm
Location: Kneebraska

Re: TLS client certificate email

Post by 32wildbilly » Thu Aug 01, 2019 7:16 pm

gnat wrote: Thu Aug 01, 2019 6:08 pm Yeah I know what TLS/SSL certs are. I don't know what you are trying to ask though.
I set up a gmail account for my wife and it automatically defaulted to TLS rather than password protect. Good or bad?
Never gonna make you cry...

User avatar
gnat
Power-drunk moderator
Posts: 4171
Joined: Sat Jan 06, 2018 6:54 am
Location: Lobby, VWGofA HQ

Re: TLS client certificate email

Post by gnat » Thu Aug 01, 2019 8:39 pm

Hmmm... No idea what you are talking about still. I don't see any docs on mTLS for authentication and I just tried setting up another account and it didn't offer such a thing.

Generally speaking, however, I would not suggest mTLS auth for a normal user. There is a not insignificant cost involved for a long lived (year) cert and changing it is a PITA when the time comes and especially painful if you need to change it suddenly (like you can no longer trust you have the only copy of the key). It can also be a pain to get it on and used by different devices.

User avatar
32wildbilly
Never gonna run around and desert you
Posts: 5758
Joined: Sat Jan 06, 2018 2:46 pm
Location: Kneebraska

Re: TLS client certificate email

Post by 32wildbilly » Fri Aug 02, 2019 5:04 am

gnat wrote: Thu Aug 01, 2019 8:39 pm Hmmm... No idea what you are talking about still. I don't see any docs on mTLS for authentication and I just tried setting up another account and it didn't offer such a thing.

Generally speaking, however, I would not suggest mTLS auth for a normal user. There is a not insignificant cost involved for a long lived (year) cert and changing it is a PITA when the time comes and especially painful if you need to change it suddenly (like you can no longer trust you have the only copy of the key). It can also be a pain to get it on and used by different devices.
Ok...here's how it went down. I setup a gmail account for the wife on my MacBook Pro. Everything went and is fine. On urging from you guys I have gone through and changed all of my passwords just to keep security frosty. When I went to change the gmail password by doing "mail-preferences-accounts-gmail-advanced. In the box for Authentication it showed "External (TLS client Certificate)". When I setup the account I'm sure it requested a password as I have one documented. If I click the dropdown behind this box the options are Password, Kerberos version 5, NTLM, MD5 Challenge-Response and the TLS option. Just wondering should I leave it alone or change it to password?

EDIT: I HATE computers!
Never gonna make you cry...

User avatar
gnat
Power-drunk moderator
Posts: 4171
Joined: Sat Jan 06, 2018 6:54 am
Location: Lobby, VWGofA HQ

Re: TLS client certificate email

Post by gnat » Fri Aug 02, 2019 7:24 am

32wildbilly wrote: Fri Aug 02, 2019 5:04 am mail-preferences-accounts-gmail-advanced
"mail" as in the Mail application on your computer?

If so, that is just talking about how the application communicates with GMail. Don't mess with that. Next time you go to send/receive mail it should recognize that it doesn't have the correct password and prompt you for it.

User avatar
32wildbilly
Never gonna run around and desert you
Posts: 5758
Joined: Sat Jan 06, 2018 2:46 pm
Location: Kneebraska

Re: TLS client certificate email

Post by 32wildbilly » Fri Aug 02, 2019 7:30 am

gnat wrote: Fri Aug 02, 2019 7:24 am
32wildbilly wrote: Fri Aug 02, 2019 5:04 am mail-preferences-accounts-gmail-advanced
"mail" as in the Mail application on your computer?

If so, that is just talking about how the application communicates with GMail. Don't mess with that. Next time you go to send/receive mail it should recognize that it doesn't have the correct password and prompt you for it.
Yes mail as in the mail application on my Mac. gmail has never asked for a password when using...ever. If I shouldn't mess with that box where/how do I change the pass word for gmail? Sorry computer illiterate here.
Never gonna make you cry...

User avatar
DTMiller
"Special"
Posts: 821
Joined: Fri Jan 05, 2018 8:50 pm
Location: Mechanicsburg, PA
Contact:

Re: TLS client certificate email

Post by DTMiller » Fri Aug 02, 2019 7:43 am

Sooooo old
2002 Guards Red Targa, Fister exhaust, H&R Sport Springs, semisolid motor mounts
1997 MX-5 track car
Friday at the Track, Chin Trackdays, SCCA WDCR Novice Classroom Instructor, SCDA, Audi Club Potomac, TrackDaze HPDE Instructor
June 16, 2017 Funland GoKart Champion (6:13 p.m. main event)
Willing to risk life for track time

Post Reply