On a mailing list that I subscribe to there was some talk as to whether Gmail will keep all traffic encrypted or not. Considering that I use Gmail, this was of some importance to me. So I used a packet sniffer (Wireshark) to monitor Gmail for a few hours.
After going through the Wireshark log (which took a bit!) the only non-SSL/TLS traffic from Gmail I could find looked like this:
ET /safebrowsing/update?client
HTTP/1.1
Host: sb.google.com
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.11)
Gecko/20071204 Ubuntu/7.10 (gutsy) Firefox/2.0.0.11
Accept: text/xml,application/xml
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Cookie: PREF=ID=2ebc725f67fb2226:TM
NID=7=idUEA3RlV2HdMJnwhlss9BlI
rememberme=true; TZ=360; GMAIL_RTT=199;
SID=DQAAAHkAAADzxZbZSOLdabfqK8
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Cache-Control: public,max-age=600
Server: TrustRank Frontend
Content-Length: 40363
Date: Fri, 07 Mar 2008 19:48:54 GMT
[goog-black-enchash 1.46041 update]
-181A72096A3A5F5A6B5CE3D22D499
+1ADDDA4E33D074B417D9032C0074E
+32B06F940FF6E48A2FE609B51E416
-409CA5195CFE1F8B615C0CF72343D
Except that the whole thing was ~41kb.
So, while not an exhaustive study by any means, it *does* look like Gmail will stick to SSL, or some type of encryption (I have no idea what "goog-blacl-enchash" means, but it certainly isn't plaintext).
If anyone wants to look through the packet dump let me know, it's about 4mb uncompressed after I filtered out traffic that I knew wasn't from Google (from a cron job I have going), I'd be glad to post it somewhere.
No comments:
Post a Comment