> You said this is a firewall box. Most "appliances" I've seen use > self-signed SSL certs which don't validate anyway -- so you're ALREADY > used to clicking "ok" on the warning. Therein lies the danger I suppose.
Exactly. This is probably why Simon is confused. However, if he verifies the fingerprint/hash of the certificate once (by walking over to his firewall and reading it off the terminal), then he permanently trusts it in his browser, then he'll be pretty safe from then on. tim _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
