Johan Wevers wrote: > Henry Hertz Hobbit wrote: > >>Usually, if you are using a web interface to access your email, only the >>initial authentication is done via SSL. After that if your URL address >>shifts to using an "http://"; rather than the "https://"; you made your >>initial connection with means that your communication just shifted from SSL >>(weak encryption) to NO encryption. That is the norm. > > Strange, I've never seen that happen. All webmail from Dutch providers that > I've accessed (my own and some for people with problems where I accessed the > mail to dump mails with large attachments that took too long to download) > were https all the way. > OF three major US providers I have experience with:
Earthlink and Google's GMail use https on their signin page then then switch over to http once authenticated Comcast starts with a HTTP page, posts the info to a https URL to set a cookie then returns to http. Not a very good implementation. -- John P. Clizbe Inet: JPClizbe(a)comcast DOT nyet Golden Bear Networks PGP/GPG KeyID: 0x608D2A10 "Be who you are and say what you feel because those who mind don't matter and those who matter don't mind." - Dr Seuss, "Oh the Places You'll Go"
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnupg-users
