Necessity of GPG when using SSL

John Clizbe JPClizbe at
Mon Feb 20 01:16:14 CET 2006

Johan Wevers wrote:
> Henry Hertz Hobbit wrote:
>>Usually, if you are using a web interface to access your email, only the
>>initial authentication is done via SSL.  After that if your URL address
>>shifts to using an "http://" rather than the "https://" you made your
>>initial connection with means that your communication just shifted from SSL
>>(weak encryption) to NO encryption.  That is the norm.
> Strange, I've never seen that happen. All webmail from Dutch providers that
> I've accessed (my own and some for people with problems where I accessed the
> mail to dump mails with large attachments that took too long to download)
> were https all the way.
OF three major US providers I have experience with:

Earthlink and Google's GMail use https on their signin page then then switch
over to http once authenticated

Comcast starts with a HTTP page, posts the info to a https URL to set a cookie
then returns to http. Not a very good implementation.

John P. Clizbe                   Inet:   JPClizbe(a)comcast DOT nyet
Golden Bear Networks             PGP/GPG KeyID: 0x608D2A10
"Be who you are and say what you feel because those who mind don't matter
and those who matter don't mind." - Dr Seuss, "Oh the Places You'll Go"

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 457 bytes
Desc: OpenPGP digital signature
Url : /pipermail/attachments/20060219/45e10e1e/signature.pgp

More information about the Gnupg-users mailing list