RE: Gmail and https

["Joe Klein" <Josephk () mischoice com>]

The reason for that is obvious... the increased hardware overhead for tens
of thousands of SSL connections, if not hundreds of thousands of
simultaneous SSL connections, for a 'free' service. Plus, anyone who gathers
and sends email over unencrypted smtp/pop3/imap are afforded the same
protection as unencrypted http-based webmail.

-joe


-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On
Behalf Of Mohammad Tina
Sent: Monday, February 11, 2008 10:07 AM
To: Daniel Jana
Cc: security-basics () securityfocus com
Subject: Re: Gmail and https

Using https://mail.google.com stays with https
that weird...why not use ssl for the whole session

On Feb 11, 2008 5:59 PM, Daniel Jana <dfjana () gmail com> wrote:
> Mohammad Tina wrote:
> > Hi,
> > I notices recently that gmail after you logon the header in the
> > address bar is http not https?
> > is that normal?
>
> Yes... if you log in through the regular www.gmail.com address, it will
> just use ssl for the authentication procedure. Use
> https://mail.google.com and this way it won't go back to http.
>
> Daniel
>
> PS - Yahoo does the same and so did hotmail when I last checked.



-- 
/Mohammad N. Tina