RE: Gmail and https

The reason for that is obvious... the increased hardware overhead for tens of thousands of SSL connections, if not hundreds of thousands of simultaneous SSL connections, for a 'free' service. Plus, anyone who gathers and sends email over unencrypted smtp/pop3/imap are afforded the same protection as unencrypted http-based webmail.

-joe

-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com] On Behalf Of Mohammad Tina
Sent: Monday, February 11, 2008 10:07 AM To: Daniel Jana
Cc: security-basics@securityfocus.com
Subject: Re: Gmail and https

Using https://mail.google.com stays with https that weird...why not use ssl for the whole session

On Feb 11, 2008 5:59 PM, Daniel Jana <dfjana@gmail.com> wrote:
> Mohammad Tina wrote:
> > Hi,
> > I notices recently that gmail after you logon the header in the
> > address bar is http not https?
> > is that normal?
> >
>
> Yes... if you log in through the regular www.gmail.com address, it will
> just use ssl for the authentication procedure. Use
> https://mail.google.com and this way it won't go back to http.
>
> Daniel
>
> PS - Yahoo does the same and so did hotmail when I last checked.
>
-- /Mohammad N. Tina

• This message: [ Message body ]
• Next message: Joe Klein: "RE: Getting Mails three times"
• Previous message: Ben de Bont: "RE: Gmail and https"
• In reply to: Mohammad Tina: "Re: Gmail and https"
• Next in thread: Warren Myers: "Re: Gmail and https"
• Reply: Warren Myers: "Re: Gmail and https"

• Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ]