Digital certificates are one way we know to trust someone online. Most of us use them without even realizing it; every time we visit a secure web site, our browser checks a certificate that’s been signed and dated by a trusted third party. Other servers, such as those used to send email, rely on certificates, too.
But certificates, as they did for Google today, sometimes go stale. Given the number of people who use Gmail with their desktop mail application, this means desktop users were faced with a decision: Trust that you really were sending mail to Google’s SMTP servers rather than an evil interloper, or wait until the certificate was updated. Shortly afterwards, Google acknowledged the problem.
Within an hour, the certificate was fixed. And there’s a workaround — web-based mail. But it serves as a reminder of just how many things can go wrong with an online service these days, and how many components we take for granted until they break.