On Wed, Jan 2, 2013 at 5:43 PM, George Herbert <george.herbert@gmail.com> wrote:
If push came to shove and minor legalities were not restraining me, I recall (without checking) your domain's emails come to your home, and your DSL or cable line is sniffable, so any of the CA who email URL validators out could be trivially temporarily spoofed (until you read your email and responded) by tapping your data lines. BGP games to snarf your traffic are another venue, possibly not yet even covered by wiretap laws that I know of, though I'm not currently an ISP in a position to personally do that to you.
And none of this describes an extraordinary effort? The quote you're trying to refute was, "suffer such attacks only with extraordinary difficulty on the part of the attacker."
If you're going to argue that that's cheating, that IS the threat envelope...
You're quite right about the scope of the threat envelope. And it's one to two orders of magnitude more difficult to penetrate than man-in-the-middle with an unverified key. Regards, Bill Herrin -- William D. Herrin ................ herrin@dirtside.com bill@herrin.us 3005 Crane Dr. ...................... Web: <http://bill.herrin.us/> Falls Church, VA 22042-3004