RE: Free Webmail w/ SSL?

["Mark Spencer" <mspencer () evidentdata com>]

Hi Michael, and many others!

Thanks for the reply.  I didn't realize Gmail (just tested it) and
Yahoo! (haven't tested yet) supported https sessions.  One word of
caution for others though - make sure you use the proper url when
kicking off the https session.  For example, if you navigate to
"https://gmail.com"; and get redirected to the proper page, your login
will be https, but not the rest of the session.  If you navigate to
"https://gmail.google.com";, your login and the rest of the session are
https as expected.

Mark

-----Original Message-----
From: Micheal Espinola Jr [mailto:michealespinola () gmail com] 
Sent: Thursday, February 24, 2005 2:37 PM
To: Alvin Oga
Cc: Mark Spencer; security-basics () securityfocus com
Subject: Re: Free Webmail w/ SSL?

if you point gmail to a https url, it will stay as https.  if you point
to http, it will only temporarily go to https during the logon.

start with https, and it will stay that way.

hth


On Thu, 24 Feb 2005 10:48:03 -0800 (PST), Alvin Oga
<alvin.sec () virtual linux-consulting com> wrote:
> hi ya mark
>
> > I'm looking for advice on free webmail services that support SSL for

> > the entire session, not just login?  Googling today I've found 
> > webmail services that support SSL logins and public/private key 
> > exchange of the actual emails themselves, but not SSL of the entire
webmail session.
> if it's https ... it's done ..
>        there's just hushmail.com  and maybe pgp.bz plus few other 
> freebie site
>
>        http://www.Linux-Sec.net/Mail/WebMail/
>
> building ones own encrypted  webmail seems like an awful lot of work 
> too
>
> i don't see any reason why one would need to trade public/private keys

> if one is using https for webmail
>
> c ya
> alvin


--
ME2

my home: <http://www.santeriasys.net/>
my photos: <http://mespinola.blogspot.com/>