Is https traffic over an unencrypted wireless network secure?
This is something I've wondered for a long time. If I am, say, using Gmail over https, can someone read my IM conversations and emails if I use an unsecured wireless network? I assume that the data would be secure, since it is using an encrypted connection. Is there anything else to consider?
I would think that someone could still perform a man-in-the-middle attack if you're on unsecured wifi (or even secured wifi, if they happen to find a way to be allowed on). This is why you need to always check that the SSL connection shows up green in your address bar and/or manually double-check that the certificate is valid when using unsecured wifi. Assuming that the certificate is correct, then the SSL should protect your data.
I think your reasoning is correct; to read your information they would need to decrypt the SSL. There would just be one less level of encryption for them to break, in order to access the encrypted data.
As long as your DNS and your browser's SSL rootkey servers are valid, then an attacker on the same unsecure wireless network as you cannot get into your SSL pipe with a server.
DNS is the big vulnerability in this area - if your DNS chain of servers gets infected by an attacker than can make all manner of things appear to be secure but in fact be insecure.
But if your question is whether a random hacker at an airport or coffee shop is going to be able to hack into your SSL pipe to your bank, the answer is almost certainly not.
Anyway have in mind that only the data inside the http stream is encrypted but the URLs are not, so maybe someone can impersonate you.