Johan Wevers wrote: >Henry Hertz Hobbit wrote: > >>Usually, if you are using a web interface to access your email, only the >>initial authentication is done via SSL. After that if your URL address >>shifts to using an "http://"; rather than the "https://"; you made your >>initial connection with means that your communication just shifted from >>SSL (weak encryption) to NO encryption. That is the norm. > >Strange, I've never seen that happen. All webmail from Dutch providers >that I've accessed (my own and some for people with problems where I >accessed the mail to dump mails with large attachments that took too >long to download) were https all the way.
Thanks for the information. The reason I said what I said is because Netscape, Yahoo, gmail (the email account the original person was posting from) almost all do a shift from https:// to http:// after the connection is made. The only ones I have seen that continue using the SSL are small ISPs and only one of the local universities here. But then I have only seen three of the universities, and actually even the one that was using SSL all the time shifted after I showed an acquaintance how to make the connection that way and he spread the information to everybody he knew who spread it to .... Once that was done, even that school shifted to doing it with SSL for connection only. I realize that SSL doesn't have the overhead of more powerful encryption like that provided by OpenPGP, but it is still enough of an overhead that once the load of SSL all the time becomes noticeable to the ISP (or whoever), they feel that the authentication alone should be using SSL and they make the shift to using plain the rest of the time. In other words, consider yourself lucky IF you are getting SSL all the time if you need it all the time. On the other hand if you don't need SSL all the time there MAY be the possibility those long download times are partly being caused by the overhead of SSL encryption taking place on the server. Do you need encryption all the time or not? My advice still remains the same - OpenPGP is still the best choice for the scenario presented, IF I indeed understood all the parameters. It puts the control of when to use it in your hands. It just depends on what is being transported. I could care less whether all that spam is encrypted or not. I also don't want all the redirected email on my comcast account (also spam, but with the worms removed) encrypted during transmission. The faster I get rid of it the better. Not having the transmission of it helps me get rid of it as fast as possible! HHH __________________________________________________________________ Switch to Netscape Internet Service. As low as $9.95 a month -- Sign up today at http://isp.netscape.com/register Netscape. Just the Net You Need. New! Netscape Toolbar for Internet Explorer Search from anywhere on the Web and block those annoying pop-ups. Download now at http://channels.netscape.com/ns/search/install.jsp _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
