On Friday 04 January 2008, Florian Weimer wrote: > * Stefan Fritsch: > > I don't agree with this. An attacker can trick a user to accept a > > certificate for '*' which then allows to do MITM attacks for any > > websites. > > You still need to subvert IP routing.
Or do DNS spoofing. Or the user uses a TOR exit node or a public WLAN. Or he uses his own laptop in a company network... > If you do that, most users will click away the warnings anyway. But this affects also those users who don't click away warnings. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
