2007/10/3, Robert Butler <[EMAIL PROTECTED]>:
>
> That's right-
>
> nobody can do man-in-the-middle (that I've heard, anyway) on HTTPS, since
> everything is encrypted using TLS or SSL.
>

Ehrmmm. MIMD over https is slowly becoming a standard firewall functionality, Zorp being the first to do it (as with a lot of other things related to firewalling, like [tadaaam] having an ssh proxy). Of course it is designed for benign purposes, and correct certificate validation stops its evil uses, but who knows how an ordinary user reacts to the popup saying that the CA is unknown.