On Sat, 17 Mar 2012 14:56:18 +1100 ianG wrote: > No, that assumes the attacker is waiting and intercepting every web > server request. In practice, he is not.
This should be assumed and should not matter especially as GSM is so easily decrypted, coupled with a rogue CA makes gpg or atleast a mozilla CA far far far more appropriate. _______________________________________________ dev-security mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security
