2 Jan
2009
2 Jan
'09
12:56 p.m.
Joe Greco wrote:
[ .... ]
Either we take the potential for transparent MitM attacks seriously, or we do not. I'm sure the NSA would prefer "not." :-)
As for the points raised in your message, yes, there are additional problems with clients that have not taken this seriously. It is, however, one thing to have locks on your door that you do not lock, and another thing entirely not to have locks (and therefore completely lack the ability to lock). I hope that there is some serious thought going on in the browser groups about this sort of issue.
[ ... ]
... JG
F Y I, see: SSL Blacklist 4.0 - for a Firefox extension able to detect 'bad' certificates @ http://www.codefromthe70s.org/sslblacklist.aspx Best.