Necessity of GPG when using SSL
Benjamin Esham
bdesham at gmail.com
Mon Feb 20 05:50:17 CET 2006
John Clizbe wrote:
>> Henry Hertz Hobbit wrote:
>>
>>> Usually, if you are using a web interface to access your email,
>>> only the
>>> initial authentication is done via SSL. After that if your URL
>>> address
>>> shifts to using an "http://" rather than the "https://" you made
>>> your
>>> initial connection with means that your communication just
>>> shifted from SSL
>>> (weak encryption) to NO encryption. That is the norm.
>
> OF three major US providers I have experience with:
>
> Earthlink and Google's GMail use https on their signin page then
> then switch
> over to http once authenticated
I saw a neat trick somewhere online... if you use "https://
mail.google.com" as your
login page for Gmail, the entire session is encrypted. I haven't
used the normal
method since I learned how to do this. I hope someone finds this
helpful! :-)
Cheers,
--
Benjamin D. Esham
bdesham at gmail.com | http://bdesham.net | AIM: bdesham128
Wikipedia, the Free Encyclopedia • http://en.wikipedia.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 186 bytes
Desc: This is a digitally signed message part
Url : /pipermail/attachments/20060219/9eb0b934/PGP.pgp
More information about the Gnupg-users
mailing list