> https is supposed to prevent "man in the middle" attacks, provided you enfor$
That was the original theory, as I understand it. But there are way too many "in most browsers by default" CAs that are willing to sell wildcard certs such as can be used for MitM attacks without disturbing cert validity checks. I even recall hearing of some caching proxy (squid maybe?) that, out of the box, could use such a cert to provide caching for HTTPS connections - they're that common. Not surprising, really. The CA hierarchy is both the most central point and quite possibly the most commercialized and thus most venal point, so it's natural that it would be the major point that's come under attack by actors wishing to compromise the security HTTPS could have offered. (Some of them, probably, even have the best of intentions....) > Another option if you have people messing with your web access is > Tor. Or, of course, file bug reports with the provider in question and, if they're honest enough to admit what they're doing, switch. I know _I_ certainly wouldn't tolerate that sort of messing with my data stream. For those unfortunate enough to have nobody affordable to switch to, all I can suggest is ssh (or operational equivalent, such as a VPN) to a hosted, possibly virtual, machine somewhere not behind such crippling restrictions. (Depending on such factors as the jurisdiction and your dedication to the cause, a lawsuit might also be an option.) /~\ The ASCII Mouse \ / Ribbon Campaign X Against HTML mo...@rodents-montreal.org / \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B
