<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">On 04/26/2013 12:50 PM, Ron Frazier
(ALE) wrote:<br>
</div>
<blockquote
cite="mid:eff2ea0e-af1c-49bd-8301-7fb28354c268@email.android.com"
type="cite">
<pre wrap="">So, the question is this. I'm in a coffee shop. I engage the wifi. Immediately, before I bring up my vpn, the email will poll its server for mail. I know that the email will be encrypted once it's logged in. But, I'm wondering if my login credentials are sent in the clear or not. Is there a possibility that someone in the room could hijack my credentials.</pre>
</blockquote>
<div class="moz-signature"><font color="#000000">Only if "SSL
always" means "SSL only after you've authenticated". Of course,
such a mechanism would be patently useless. :)<br>
<br>
More seriously, the answer is no—barring the normal methods one
would require to break the encryption, such as having the
private key, it is not going to be snooped.<br>
<br>
As a side note, you could have confirmed this through an
experiment, which would have also had the effect of discovery of
the information you sought aiding in your retention of it.
Login to email with a packet sniffer running and see what you
see when you follow the resulting TCP stream. Does it look like
random noise? Can you find any of your information or your
information's patterns in the stream? Probably not, since SSL
encryption is known to work. :)<br>
<br>
Or, you could have hit Google and found that secure POP3 on port
995 is always encrypted, while POP3 on standard port 110 is in
the clear until encryption parameters are negotiated, which
occurs before user-level authentication.<br>
<br>
— Mike<br>
</font><br>
</div>
</body>
</html>