Necessity of GPG when using SSL
John Clizbe
JPClizbe at comcast.net
Mon Feb 20 01:16:14 CET 2006
Johan Wevers wrote:
> Henry Hertz Hobbit wrote:
>
>>Usually, if you are using a web interface to access your email, only the
>>initial authentication is done via SSL. After that if your URL address
>>shifts to using an "http://" rather than the "https://" you made your
>>initial connection with means that your communication just shifted from SSL
>>(weak encryption) to NO encryption. That is the norm.
>
> Strange, I've never seen that happen. All webmail from Dutch providers that
> I've accessed (my own and some for people with problems where I accessed the
> mail to dump mails with large attachments that took too long to download)
> were https all the way.
>
OF three major US providers I have experience with:
Earthlink and Google's GMail use https on their signin page then then switch
over to http once authenticated
Comcast starts with a HTTP page, posts the info to a https URL to set a cookie
then returns to http. Not a very good implementation.
--
John P. Clizbe Inet: JPClizbe(a)comcast DOT nyet
Golden Bear Networks PGP/GPG KeyID: 0x608D2A10
"Be who you are and say what you feel because those who mind don't matter
and those who matter don't mind." - Dr Seuss, "Oh the Places You'll Go"
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 457 bytes
Desc: OpenPGP digital signature
Url : /pipermail/attachments/20060219/45e10e1e/signature.pgp
More information about the Gnupg-users
mailing list