Joe Greco wrote: > [ .... ] > > Either we take the potential for transparent MitM attacks seriously, or > we do not. I'm sure the NSA would prefer "not." :-) > > As for the points raised in your message, yes, there are additional > problems with clients that have not taken this seriously. It is, however, > one thing to have locks on your door that you do not lock, and another > thing entirely not to have locks (and therefore completely lack the > ability to lock). I hope that there is some serious thought going on in > the browser groups about this sort of issue. > > [ ... ] > > ... JG
F Y I, see: SSL Blacklist 4.0 - for a Firefox extension able to detect 'bad' certificates @ http://www.codefromthe70s.org/sslblacklist.aspx Best.