On 2009-03-02, at 15:35, Phil Pennock wrote:
On wifi, you're fooling yourself if you think that accepting arbitrary unverified host certs is better than nothing.
You're not "accepting arbitrary unverified certs".You just need to accept "the same unverified cert as last time". Then you can go ahead and scream if it changes. But if you're using the same cert you used the last time you connected to the site, you're not in any greater danger than you were the last time.
