So let me play devil's advocate for a moment: You could say that the browser has two components: One in the phone and one in a server somewhere. The two components communicate over a channel provided by good old https. The phone component sends the request to the server component, which in turn forwards it to the remote server and then transforms the response into a more compact form before sending it back to the phone component. Thus no MITM, just a clever bit of distributed computing.
The notion of the user as one end point of the protected channel is illusory anyway; in reality, it is the browser that is the end point. What human being does SSL in his head anyhow? The only unusual thing about this setup is that the browser is a bit here, a bit there. And (now slipping out of my devil's advocate role) there are undoubtedly more possibilities for exposure of sensitive data, as this data exists unencrypted in an unexpected place.

- Harald
_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography