The last three dialogs shown while logging into Hotmail are unnecessary: "You have requested an encrypted page", immediately followed by "Form submission from https to http" and "You are about to leave an encrypted page". None of these dialogs should be shown. Instead, Mozilla should pretend that nothing was encrypted, since no *page* displayed was encrypted.

I'm guessing IE has zero impediments to hotmail login?

I get 0 dialogs logging into Hotmail using IE. With my Mozilla profile, I only get "Form submission from https to http". A clean Mozilla profile gives 5-6 dialogs (bug 119114), but I don't have a clean IE installation to test.

I'm still seing this with build id 2002032203 (win98) Hotmail login process goes like this: 1-moz displays logon form fetched with HTTP 2-logon form with password submitted to hotmail via HTTPS 3-response received contains redirection to inbox via HTTP 3b-warning is displayed by moz, user click continue 4-redirection is followed and inbox appears. Step 3b message is "although this page is encrypted, the information you are entered is to be sent over an unencrypted connection...." I have difficulties intercepting the actual redirect because it is encrypted but I'm pretty sure the user password is not sent over the unencrypted connection. We can expect more and more site to use the hotmail technique for password transmission since it provides a nice balance between secure (password over HTTPS) but not overkill (all other pages over HTTP). It would be nice to consider the form has been sent via HTTPS, and consider the redirect to be the same as if the user followed a HTTP GET link on a HTTP page: switching to a less secure page but not actually POSTing to it. After all, a redirect is always a GET.

WFM at www.hotmail.com and at www.passport.com. I think this is because Hotmail changed, not because Mozilla changed.