Hi all !

I'd like some advices about SSL and HTTPS.
Could someone tell me the difference about security between this
cases :

Let's take the yahoo mail example :

1. From a local html page on his hard drive, a user send his id/pwd
through a form like this <form action="https://... method="post" ...

that is similar to the real one on Yahoo mail login page.

2. The same but done directly from the https yahoo site.

Am I wrong if I say that case 1 is not secure ?

Am I wrong if I say that before considering the transaction as secure,
the client has to be connected first one time to the server ? This
allows the client to check the certificate, to use it to create a
session key that is then sent to the server ? Is this process could be
done in case 1 ?

Thanks a lot in advance !!!