Quote:
Originally Posted by alsaan
Not really, the use of encryption and certificates makes impossible for any third party to snoop on the data being transmitted. The session key is known only by the client and server, so there is nothing Amazon can do with the data besides relaying it. They can't impersonate the mail server either without triggering an invalid certificate error.
|
You're making the assumption that when the little lock shows up that the cert you are using is google's if you are using gmail. How do you know? I can't find a way to look at the cert. Many proxies don't work that way. The proxy sets up a SSL connection with the website and the proxy might set up one with your browser. As I said, it could be that Amazon is the one with the SSL connection to Google and you just have a SSL connection to Amazon. Thus Amazon relays everything and does have full access to your data. Like I said earlier, it really depends on whether Amazon just routes the packets or acts as a full proxy. From what people have observed, they act as a full proxy.
Also, saying that it's "impossible" to snoop SSL data is not accurate. Encryption just makes it harder, not impossible. I remember having this out with the Netscape engineers way a back in the day. Their keys were only 64 bit. They claimed it would take so long to crack that no one would bother. A couple of weeks later, a hacker posted his algorithm to crack any 64 bit SSL message in a couple of hours. They upped it to 128 bit.