> (The reason for this is that (many? most? all?) CAs verify authority > by having you place a file at some HTTP path on the domain in > question.
IME most CAs verify by emailing hostmaster/webaster@ or one of the contacts in the WHOIS. But you're right, still subject to a MitM. Still better than nothing though. I would have suggested an EV cert, but that's more expensive (and still far from foolproof) > Basically only helps with the evil hotspot/tor_exit problem. Also helps protect against DNS spoofing attacks, but yes, you're right. I should be checking GPG sigs but I'm lazy :-) roy ------------------------------------------------------------------------------ Everyone hates slow websites. So do we. Make your web apps faster with AppDynamics Download AppDynamics Lite for free today: http://p.sf.net/sfu/appdyn_d2d_feb _______________________________________________ Bitcoin-development mailing list Bitcoin-development@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bitcoin-development
