Comment Re:Hang on... (Score 3, Informative) 275
the man in the middle would have to have a valid mail.google.com certificate for the attack to be seamless.
yes, we know how effective "invalid certificate" prompts are, but this is not a failure of the encryption mechanism.