Hi Michael, and many others!
Thanks for the reply. I didn't realize Gmail (just tested it) and
Yahoo! (haven't tested yet) supported https sessions. One word of
caution for others though - make sure you use the proper url when
kicking off the https session. For example, if you navigate to
"https://gmail.com"; and get redirected to the proper page, your login
will be https, but not the rest of the session. If you navigate to
"https://gmail.google.com";, your login and the rest of the session are
https as expected.
Mark
-----Original Message-----
From: Micheal Espinola Jr [mailto:michealespinola@gmail.com]
Sent: Thursday, February 24, 2005 2:37 PM
To: Alvin Oga
Cc: Mark Spencer; security-basics@securityfocus.com
Subject: Re: Free Webmail w/ SSL?
if you point gmail to a https url, it will stay as https. if you point
to http, it will only temporarily go to https during the logon.
start with https, and it will stay that way.
hth
On Thu, 24 Feb 2005 10:48:03 -0800 (PST), Alvin Oga
<alvin.sec@virtual.linux-consulting.com> wrote:
hi ya mark
I'm looking for advice on free webmail services that support SSL for
the entire session, not just login? Googling today I've found
webmail services that support SSL logins and public/private key
exchange of the actual emails themselves, but not SSL of the entire
webmail session.
if it's https ... it's done ..
there's just hushmail.com and maybe pgp.bz plus few other
freebie site
http://www.Linux-Sec.net/Mail/WebMail/
building ones own encrypted webmail seems like an awful lot of work
too
i don't see any reason why one would need to trade public/private keys
if one is using https for webmail
c ya
alvin
--
ME2
my home: <http://www.santeriasys.net/>
my photos: <http://mespinola.blogspot.com/>
