Ian Grigg wrote:
No crook in his right mind or even his wrong mind
would do an MITM.  It just isn't a practical attack.
That applies as much to open, cleartext connections
as to SSL connections.  So, what's the threat here?

The threat I think everyone is complaining about is the fact that CAs might issue (intentionally or unintentionally) certificates for a mydodgyonlineshop.com, and they don't want to take responsibility for choosing whether that shop/bank/financial institution is what they thought it was, or whether it's trustworthy to send financial information to.

Yet another example of people not wanting to take responsibility for their own actions, then suing the moment they think they can take advantage of the situation. A good example of this mentality is some woman using nail glue on her daughter because she grabbed the wrong bottle; the first thing she does is pass the buck, saying the bottles looked the same, and then calls a lawyer to try and sue someone else for her mistake. I mean, c'mon, if everyone is so worried, go to a real damn shop!

Frankly I'd be more worried about domain hijacking. How many large ISPs have the ability to point bankingsite.com to another location if their DNS server was compromised? Furthermore, how many end users would notice the lock was missing as they entered their banking details into the site?

A person I knew doing a security audit for a bank did just that to a major ISP here in Australia, and after users went to what they thought was the bank's login page it just had a simple notice: sorry, online banking is currently down, please try again later. Within an hour he had, I think, over 9,000 or 10,000 login details for that bank. No SSL, just a simple DNS redirect, and he didn't even have access to the bank's name server; he didn't need it.

Now to put things into perspective, there would have been only about a million users potentially affected, if that. Now what if that had been AOL or other larger ISPs in the US with tens of millions of users?

--
Best regards,
 Duane

http://www.cacert.org - Free Security Certificates
http://www.nodedb.com - Think globally, network locally
http://www.sydneywireless.com - Telecommunications Freedom
http://happysnapper.com.au - Sell your photos over the net!
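The DNS-redirect scenario above has two defender-side answers that are easy to show in code: watch for a name resolving somewhere it should not (and for one resolver disagreeing with the others), and refuse to post credentials to a known banking host over anything but HTTPS, so the user never has to notice a missing lock. The following is an added example, not code from the original message or from any of the listed projects; every hostname, address range and resolver answer in it is constructed for illustration.

```python
"""Defender-side checks for the DNS-redirect scenario.

Added example. All names, address ranges and resolver answers below are
constructed; a real deployment would load the expected ranges from the
operator's own records and fetch answers from live resolvers.
"""
from collections import Counter
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List
from urllib.parse import urlsplit

# Constructed: the address range the (hypothetical) bank publishes for its
# login hostname.
EXPECTED_RANGES = {
    "login.bankingsite.example": [ip_network("203.0.113.0/24")],
}

# Constructed answers from three resolvers for the same name. The ISP
# resolver has been pointed elsewhere; the other two agree with each other.
RESOLVER_ANSWERS: Dict[str, Dict[str, List[str]]] = {
    "login.bankingsite.example": {
        "isp-resolver": ["198.51.100.7"],
        "resolver-b": ["203.0.113.10", "203.0.113.11"],
        "resolver-c": ["203.0.113.11", "203.0.113.10"],
    },
}

# Constructed: hosts for which a credential form may only ever be submitted
# over HTTPS (browsers implement this idea as HSTS preloading).
HTTPS_ONLY_HOSTS = {"login.bankingsite.example"}


@dataclass
class Finding:
    hostname: str
    resolver: str
    reason: str
    addresses: List[str]


def check_resolution(hostname: str, answers: Dict[str, List[str]],
                     expected_ranges) -> List[Finding]:
    """Flag a resolver whose answer lies outside the published ranges, and a
    resolver whose answer set differs from what most other resolvers return."""
    findings: List[Finding] = []
    # (a) any address outside the ranges the operator publishes for this name
    for resolver, addrs in answers.items():
        outside = [a for a in addrs
                   if not any(ip_address(a) in net for net in expected_ranges)]
        if outside:
            findings.append(Finding(hostname, resolver,
                                    "address outside expected ranges", outside))
    # (b) cross-resolver agreement: the answer set a majority of resolvers
    #     return is the reference; a lone resolver that differs is the classic
    #     symptom of a tampered or poisoned ISP resolver.
    answer_sets = {r: frozenset(a) for r, a in answers.items()}
    reference, votes = Counter(answer_sets.values()).most_common(1)[0]
    if votes * 2 > len(answer_sets):  # only meaningful with a real majority
        for resolver, s in answer_sets.items():
            if s != reference:
                findings.append(Finding(hostname, resolver,
                                        "disagrees with other resolvers",
                                        sorted(s)))
    return findings


def credential_submission_allowed(url: str) -> bool:
    """Client-side policy: for a pinned host, block the form post unless the
    connection is HTTPS. A redirected user then gets a hard failure instead
    of a chance to overlook the missing lock."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if host in HTTPS_ONLY_HOSTS:
        return parts.scheme == "https"
    return True  # not a pinned host: this policy does not apply


if __name__ == "__main__":
    name = "login.bankingsite.example"
    for f in check_resolution(name, RESOLVER_ANSWERS[name], EXPECTED_RANGES[name]):
        print(f"ALERT {f.hostname} via {f.resolver}: {f.reason} {f.addresses}")
    for url in ("http://login.bankingsite.example/login",
                "https://login.bankingsite.example/login"):
        state = "allowed" if credential_submission_allowed(url) else "blocked"
        print(f"{url} -> {state}")
```

The resolver comparison deliberately needs no cooperation from the bank's name server, mirroring the point that the attack needed none either: an operator or a user can run it from outside. The HTTPS-only rule is the complementary control on the client, and is the same reasoning browsers later codified as HSTS.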
_______________________________________________
mozilla-crypto mailing list
[EMAIL PROTECTED]
http://mail.mozilla.org/listinfo/mozilla-crypto