Re: Gmail and https

["Warren Myers" <volcimaster () gmail com>]

And having the web session encrypted does not guarantee that the email
you send/receive will be, or was, secure in transit.

Which brings us back to "if you wouldn't put it on a postcard, don't
send it in an email".

WMM

On Feb 11, 2008 1:58 PM, Joe Klein <Josephk () mischoice com> wrote:
> The reason for that is obvious... the increased hardware overhead for tens
> of thousands of SSL connections, if not hundreds of thousands of
> simultaneous SSL connections, for a 'free' service. Plus, anyone who gathers
> and sends email over unencrypted smtp/pop3/imap are afforded the same
> protection as unencrypted http-based webmail.
>
> -joe
>
>
> -----Original Message-----
> From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On
> Behalf Of Mohammad Tina
>
> Sent: Monday, February 11, 2008 10:07 AM
> To: Daniel Jana
> Cc: security-basics () securityfocus com
> Subject: Re: Gmail and https
>
> Using https://mail.google.com stays with https
> that weird...why not use ssl for the whole session
>
> On Feb 11, 2008 5:59 PM, Daniel Jana <dfjana () gmail com> wrote:
> > Mohammad Tina wrote:
> > > Hi,
> > > I notices recently that gmail after you logon the header in the
> > > address bar is http not https?
> > > is that normal?
> >
> > Yes... if you log in through the regular www.gmail.com address, it will
> > just use ssl for the authentication procedure. Use
> > https://mail.google.com and this way it won't go back to http.
> >
> > Daniel
> >
> > PS - Yahoo does the same and so did hotmail when I last checked.
>
>
>
> --
> /Mohammad N. Tina



-- 
http://warrenmyers.com
"God may not play dice with the universe, but something strange is
going on with the prime numbers." --Paul Erdős
"It's not possible. We are the type of people who have everything in
our favor going against us." --Ben Jarhvi, Short Circuit 2