<br><br><div><span class="gmail_quote">On 1/12/07, <b class="gmail_sendername">Dmitry Shechtman</b> &lt;<a href="mailto:damnian@gmail.com">damnian@gmail.com</a>&gt; wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Dmitry Shechtman<br>> You got me. Nice catch, Paul!<br><br>> I guess I'll have to think harder.<br><br>I know I'm not thinking hard yet, but wasn't SSL supposed to solve MITM?</blockquote><div><br>and it doesn't because end-users don't understand how certs work and the MITM
<br>can get a "trusted" cert. Therefore a "certificate dashboard" kind of thing that<br>raises hell when a site that usually has one cert suddenly has a different one<br>would be a good browser plugin. Or making the ramifications of the demonstration
<br>clearer.<br><br>Currently sites with "bad" certs are more secure than good ones, because the<br>approve-this-bad-cert dialog will come up and you can verify that it's the same bad<br>cert as last time :) <br>
</div><br></div><br>-- <br>pre-Α, Α, Β, rc, release.
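<div><br>The "certificate dashboard" idea from the message above, sketched as an added example (not part of the original thread and not the code of any existing browser plugin): remember the fingerprint each host presented and flag a change, whether or not the new certificate chains to a trusted CA. The class, function and host names and the sample certificate bytes are constructed for illustration.</div>

```python
import hashlib


def fingerprint(der_cert: bytes) -> str:
    """SHA-256 over the DER bytes of the certificate the server presented."""
    return hashlib.sha256(der_cert).hexdigest()


class CertDashboard:
    """Trust-on-first-use store: host -> fingerprint seen last time."""

    def __init__(self):
        self.pins = {}

    def check(self, host: str, der_cert: bytes) -> str:
        host = host.lower()              # hostnames are case-insensitive
        fp = fingerprint(der_cert)
        pinned = self.pins.get(host)
        if pinned is None:
            self.pins[host] = fp         # first visit: remember, cannot judge yet
            return "first-seen"
        if pinned == fp:
            return "match"
        # CA validity is deliberately ignored: a "trusted" but different
        # certificate is exactly the case this check exists to surface.
        return "changed"                 # pin is NOT overwritten automatically

    def accept(self, host: str, der_cert: bytes) -> None:
        """Explicit user decision to trust the new certificate from now on."""
        self.pins[host.lower()] = fingerprint(der_cert)


# Constructed stand-ins for DER certificates. In real use the bytes would come
# from ssl.SSLSocket.getpeercert(binary_form=True).
CERT_USUAL = b"constructed-der-bytes-usual-cert"
CERT_OTHER = b"constructed-der-bytes-different-cert"


def demo():
    dash = CertDashboard()
    return [
        dash.check("shop.example", CERT_USUAL),   # first visit
        dash.check("shop.example", CERT_USUAL),   # same cert as last time
        dash.check("shop.example", CERT_OTHER),   # suddenly a different cert
        dash.check("shop.example", CERT_USUAL),   # old pin still in force
    ]


if __name__ == "__main__":
    print(demo())
```

A legitimate renewal also shows up as "changed", so the user (or an out-of-band check) has to call `accept` before the new fingerprint replaces the old one.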