> Still, it's difficult to know for sure that any given public wifi > network hasn't had DNS spoofed -- pointing to rogue servers that can > launch man-in-the-middle attacks, for instance.
if you don't accept bogus certificates and we trust the ssl certificate authorities, ssl is supposed to be immune to man in the middle attacks. the middle host wouldn't be able to forge a handshake for the domain you're trying to connect to. i guess there are some human factor issues that can crop up. getting redirected to micr0s0ft.com and not noticing that the url isn't what you expected. _______________________________________________ PLUG mailing list [email protected] http://lists.pdxlinux.org/mailman/listinfo/plug
