[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Gmail/SSL

On Mon, Mar 10, 2008 at 2:40 AM, Mike Cardwell <tor@xxxxxxxxxxxxxxxxxx> wrote:
> ... Just because a website is secure at the moment,
>  doesn't mean they wont make changes in future which leak your sessions.

managing this on your end transparently makes it impossible to
exploit.  you enforce policy of ssl/tls only, always, regardless of
how they may have implemented sessions and authentication on their
end.  (at worst, they break their service rendering it unusable
securely [DoS], rather than leaking your private information

>  It is considerably safer to use gmails secure imap/smtp services rather
>  than their webmail with Tor imo. More bandwidth friendly too.

agreed, though exit polices for these ports are not as plentiful...

best regards,