On Mon, Mar 10, 2008 at 2:40 AM, Mike Cardwell <[EMAIL PROTECTED]> wrote: > ... Just because a website is secure at the moment, > doesn't mean they wont make changes in future which leak your sessions.
managing this on your end transparently makes it impossible to exploit. you enforce policy of ssl/tls only, always, regardless of how they may have implemented sessions and authentication on their end. (at worst, they break their service rendering it unusable securely [DoS], rather than leaking your private information [leakage/pwned]...) > It is considerably safer to use gmails secure imap/smtp services rather > than their webmail with Tor imo. More bandwidth friendly too. agreed, though exit polices for these ports are not as plentiful... best regards,