|Main Archive Page > Month Archives > security-basics archives|
The reason for that is obvious... the increased hardware overhead for tens of thousands of SSL connections, if not hundreds of thousands of simultaneous SSL connections, for a 'free' service. Plus, anyone who gathers and sends email over unencrypted smtp/pop3/imap are afforded the same protection as unencrypted http-based webmail.
From: email@example.com [mailto:firstname.lastname@example.org] On Behalf Of Mohammad Tina
Sent: Monday, February 11, 2008 10:07 AM To: Daniel Jana
Subject: Re: Gmail and https
Using https://mail.google.com stays with https that weird...why not use ssl for the whole session
On Feb 11, 2008 5:59 PM, Daniel Jana <email@example.com> wrote:
> Mohammad Tina wrote:
> > Hi,
> > I notices recently that gmail after you logon the header in the
> > address bar is http not https?
> > is that normal?
> Yes... if you log in through the regular www.gmail.com address, it will
> just use ssl for the authentication procedure. Use
> https://mail.google.com and this way it won't go back to http.
> PS - Yahoo does the same and so did hotmail when I last checked.
-- /Mohammad N. Tina