Good point. So all ISPs can sniff on traffic. Now, the question is, why have ISPs had a very low incidence of snooping and eavesdropping? You'd think that by now there would have been dozens even hundreds of cases of such? After all, we know there is a non-trivial amount of credit card traffic going over HTTP, and ISPs are ideally placed to do perfect DNS attacks.
I've heard of about one, maybe two if we push it. I think the reason is that your average ISP is staffed with the wrong sort of person to do insider attacks, whereas banks, telcos, and other places have no such good luck.
It's interesting to contrast this view of ISPs with your view of CAs, which is almost entirely the opposite... :-)
Gerv _______________________________________________ mozilla-crypto mailing list [email protected] http://mail.mozilla.org/listinfo/mozilla-crypto
