[ILUG] Q of the moment: does SSL matter? ( for webmail & pop &
imap & smtp & ... ? )
jmglov at gmail.com
Sat Aug 2 11:15:42 IST 2008
2008/8/1 Brendan Kehoe <brendan at zen.org>:
> While we're on the topic of webmail clients, I'm curious ... I notice that
> GMail has an option to let you use regular http vs https for your GMail
> sessions, with it automatically redirecting you if necessary.
> To be a devil's advocate: does it matter, really? Except for sitting in
> Internet cafes or libraries, do you need to use SSL when using a webmail
> interface? Or even when downloading your mail? When's the last time you
> read about an ISP being hacked so people could sniff packets?
As others have noted, the mail will be bouncing through the
recipient's ISP's SMTP servers unencrypted, but the HTTPS does keep
your ISP from snooping, at least on the contents of your mail. While
it is fairly unlikely that an ISP will be hacked just to sniff
packets, as you have noted, that does not mean that ISPs in the US
(and probably elsewhere) are not hosting government-issued packet
sniffers and traffic analysis devices (the latter of which HTTPS will
not impede). The battle for privacy is all but lost, but being a
privacy-minded person, I'd rather make it harder to snoop on me
Crypto is not a silver bullet, but it is an important part of an
overall privacy / security system.
More information about the ILUG