4 Security Considerations

In most cases, all communication between the client and server happens across an HTTP connection secured by the Secure Sockets Layer (SSL) protocol, as described in [RFC2616]. The SSL connection is assumed to be secure enough to transmit confidential data, such as user credentials and sensitive e-mail. The SSL certificate on the server is assumed to be trusted by the client application.