On Mon, 05 Jan 2009 23:55:59 GMT, Christopher Pritchard said:
> previous certificate became invalid (for example due to a date issue). It
> should also be possible to have semi-centralised CRLs that browsers would
> check for occasions when the server admin wants to change certificates, they
> coul
>I believe I stated *up front* that it doesn't secure against an active MITM
attack. Once ettercap presents a *different* >certificate than the one you
were expecting, the victim can at least potentially notice (the same way
that OpenSSH complains >if it discovers that a host key is different).