Daniel Lyman <[EMAIL PROTECTED]> writes:It's going to depend on the particular web mail server you're talking to.
If you use a web-mail client to access a mail server via an SSL connection,
is the entire data stream encrypted -- or only the authentication data?
I'm not quite sure what you mean by a web-mail client, but I assume you mean a web browser.
As long as your browser show https in the URL (use SSL), everything is encrypted.
Yahoo uses https/port443 for just your authentication data. Then, when it's transmitting your mail data, it goes back to plain http/port80.
hmmm I can't find a "secure sign on" for my hotmail account.
I would imagine that just because of the CPU load imposed by Secure connections that most free web mail services would not encrypt all traffic. Just the authentication data.
Now, www.hushmail.com provides encrypted mail services for free, but it's not exactly the same as an SSL protected session. You compute a public/private key pair, encrypt the private key (via a passphrase; they didn't say PKCS5 specifically) and send it to them, they hold on to it for you. Then whenever you connect from a different machine, it sends the encrypted private key down to you. And anytime someone wants to send you mail, husmail sends your public key down to them and the email to you is encrypted on their machine before it gets sent to you. (I read their white paper, I have no connection with Hustmail at all...)
______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
