On Tue, Feb 09, 2010 at 06:56:39PM -0500, Kurt H Maier wrote: > SSL can do two things: > > 1) provide site-to-site encryption
Without certificate verification in some form, you have no way of knowing that. Your connection could be decrypted and re-encrypted by any number of parties along the way with no way for you to detect it. In surf's case, they don't even have to use a CN that matches the hostname. SSL without verification provides no security guarantees whatsoever.
