On Sat, Sep 03, 2011 at 04:51:49PM -0400, [email protected] wrote 4.3K bytes in 111 lines about: : My understanding is that the issue is common to all 'secured' web : sites. HTTP is trivially subverted; HTTPS needs a valid cert or the : user clicking past a "No, I don't care about my security; go there : anyway" warning before it can be subverted.
Just a fine point here, treat SSL as encryption between you and something on the other end, not as authentication of the other end (nor you if have client certs installed). -- Andrew pgp key: 0x74ED336B _______________________________________________ tor-talk mailing list [email protected] https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
