Is it possible for the company to monitor the Gmail


Since Gmail uses https, all the messages should be encrypted?

Here we assume my company does not have keystroke logger or random snapshot software.

Best Answer

If you are using Firefox you might want to have a look at, which is a quite easy to use addon to detect a MitM attack which could otherwise stay undetected. This way is probably more practical than always checking the certs against a list of fingerprints you collected from a trustworthy source (e.g. at home) by hand.

Note that even if your browser does not have a special certificate of your company in it's list of trusted root certificates and the system is not compromised otherwise, there could be a MitM. How? At least one CA (Trustwave) has been not trustworthy in the past by issuing a intermediate certificate to a company for questionable purposes. See - There also have been successful intrusions into CAs (e.g. DigiNotar, Comodo), leading to more fraudulent certificates.

So the current trust concept in browsers is horribly broken since there are way to many CAs that are trusted by default and one untrustworthy CA breaks the whole system. It has been proved, that there is more than one CA being not trustworthy and nobody can predict which one is next. Perspectives is a interesting approach to circumvent the problem of an MitM with a fraudulent cert while also making the CA's expensive certificates superfluous.