> (assuming the admin doesn't notice the cert changes and all that good > stuff.)
There's your problem. If you assume this, you will always be vulnerable to MitM if the software you're using allows you to communicate anyway. If you're SSH client lets you connect to systems whose keys have changed, same problem. If your VPN client allows it, same problem. This is why I wanted you to think about what you are trusting in the first place. You are trusting your CA and the certificate chain. If you can't do that, then you have no trust. tim _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
