[[[ To any NSA and FBI agents reading my email: please consider ]]] [[[ whether defending the US Constitution against all enemies, ]]] [[[ foreign or domestic, requires you to follow Snowden's example. ]]]
Thanks for explaining SSLstrip. I have moved this to savannah-hackers-private because when we are concerned about a flaw that we may want to fix, we should not hang our dirty laundry in public. We should privately fix what we think needs fixing. I am not sure what conclusion to reach about the issue of forcing HTTPS, but I see we don't need to mix it up with the immediate problem. The immediate problem is to give users without an account the opportunity to download using HTTPS. We should do that first. The other issues, we can think about subsequently. -- Dr Richard Stallman President, Free Software Foundation (gnu.org, fsf.org) Internet Hall-of-Famer (internethalloffame.org) Skype: No way! See stallman.org/skype.html.