You just connected to your online banking site, and up comes the little lock showing the link is encrypted, secure, and can't be listened in on, right? WRONG!!
Think about the Akamai mirrors of US sites for European countries.
With the intercept and gag laws in the US as they are, Verisign or any other certificate authority can be compelled to issue duplicate certificates. Add to this the fact that browsers don't warn about certificate fingerprints changing, and you have a security nightmare waiting to happen. Then of course the little issue of Verisign controlling/redirecting DNS via proxy servers, and being one of the largest commercial providers of snoop services to the US government, doesn't even begin to come into it.
And before you say Mozilla software is so much more secure and they'd be willing to listen: Mozilla developers have given me a wall of silence on their newsgroups when the topic comes up, and when I filed a bug report, it was hastily marked as invalid.
No software can be considered 'secure' as long as it is used and controlled by humans; we are still the weakest link in the chain, remember. Also, you could easily modify Mozilla, like my father (HJ) did, to trap this 'feature'.
http://blog.cacert.org/2005/05/43.html
http://bugzilla.mozilla.org/show_bug.cgi?id=294730
BTW; who resolved that bug 'INVALID'?
Michael.
_______________________________________________
Mozilla-security mailing list
Mozilla-security@mozilla.org
http://mail.mozilla.org/listinfo/mozilla-security
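The check the post says browsers lack (noticing that a host's certificate fingerprint has changed even though the new certificate chains to a trusted CA) is a small trust-on-first-use pin store. The following is an added example, not code from the poster, from HJ's Mozilla modification, or from Mozilla; it uses only the Python standard library. The two "DER certificates" are constructed byte strings standing in for the bytes `getpeercert(binary_form=True)` would return, and `fetch_leaf_der` (which does go to the network) is an assumed helper not exercised by the offline demo.

```python
import hashlib
import json
import socket
import ssl
from pathlib import Path

# Constructed stand-ins for two DER-encoded leaf certificates for the same host.
# In practice these are the bytes from SSLSocket.getpeercert(binary_form=True).
CERT_FIRST_SEEN = b"constructed DER for bank.example, key A"
CERT_DUPLICATE = b"constructed DER for bank.example, key B issued later by the same CA"


def fingerprint_sha256(der: bytes) -> str:
    """Colon-separated SHA-256 fingerprint of a DER certificate, as browsers display it."""
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


class PinStore:
    """Trust-on-first-use store of the leaf fingerprint seen per host.

    A later connection presenting a different certificate is reported as
    CHANGED. The new fingerprint is never adopted silently: the caller has
    to verify it out of band and call accept() explicitly.
    """

    FIRST_SEEN, MATCH, CHANGED = "first-seen", "match", "changed"

    def __init__(self, path=None):
        self.path = Path(path) if path else None  # None keeps the store in memory only
        self.pins = {}
        if self.path and self.path.exists():
            self.pins = json.loads(self.path.read_text())

    def check(self, host: str, der: bytes):
        """Return (status, fingerprint) for the certificate `host` just presented."""
        fp = fingerprint_sha256(der)
        known = self.pins.get(host)
        if known is None:
            self.pins[host] = fp
            self._save()
            return self.FIRST_SEEN, fp
        if known == fp:
            return self.MATCH, fp
        return self.CHANGED, fp

    def accept(self, host: str, der: bytes) -> None:
        """Re-pin after the user has confirmed the new certificate through another channel."""
        self.pins[host] = fingerprint_sha256(der)
        self._save()

    def _save(self) -> None:
        if self.path:
            self.path.write_text(json.dumps(self.pins, indent=2))


def fetch_leaf_der(host: str, port: int = 443, timeout: float = 5.0) -> bytes:
    """Assumed helper: fetch the leaf certificate a live host presents (needs network).

    create_default_context() still performs ordinary CA chain validation, which a
    compelled duplicate certificate would pass; the pin check is the extra step.
    """
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


if __name__ == "__main__":
    store = PinStore()
    # First visit pins, second visit matches, third visit sees a duplicate cert and warns.
    for der in (CERT_FIRST_SEEN, CERT_FIRST_SEEN, CERT_DUPLICATE):
        status, fp = store.check("bank.example", der)
        print(f"{status:10s} {fp}")
```

The point of keeping the old pin on CHANGED rather than overwriting it is that a one-off interception (a compelled certificate served from a mirror for a few hours) leaves a record the user can act on; a store that quietly re-pins would hide exactly the event the post is complaining about.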