4.1 Security Considerations for Implementers

In most cases, all communication between the client and server happens across an HTTP connection secured by the Secure Sockets Layer (SSL) protocol. The SSL connection is assumed to be secure enough to transmit confidential data, such as user credentials and sensitive e-mail. The SSL certificate on the server is assumed to be trusted by the client application.