An anonymous reader writes: Recent reports from around the 'net suggest that SSL certificate chain for gmail has either changed this week, or has been widely compromised. Even in less-than-obvious places to look for information, such as Google's Online Security Blog, are silent. At the moment, the blind are leading the blind to blindly trust the new certificates in order to see the dancing bunnies in their emails. The problem isn't specific to gmail, of course, which leads me to ask: What is the canonically-accepted out-of-band means by which a new SSL certificate's fingerprint may be communicated and/or verified by end users?
DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's now on IFTTT. Check it out! Check out the new SourceForge HTML5 Internet speed test! ×