It's even worse, a fake certificate from a man in the middle causes a trustworthy warning! If a certificate is not co-signed by any of the Browser compiled-in authorities, the Browsers will just ask: "...do you want to trust <company>". The hacker is completely free to fill in <company> when he creates his own certificate on the server side (using plain openssl). This will be the only popup as the fake certificate will match the faked URL. Did M$ expect people to say "no" to the fake question "Do you want to trust Citibank" when they are in fact trying to connect to the real Citibank site? The default behavior of a browser should be to reject unsigned certificates and not even ask the question. Currently, there is even no warning that <company> was learned from an unsigned certificate. /Martin
(disclaimer... does not necessarily reflect the opinion of my employer...) > Even supposedly secure things like SSL-protected websites and SSH logins > are vulnerable due to the simple fact that most people won't think twice > to say "yes" to SSH complaining that it detected a new host key; or notice > that they're really talking to a different website (or that the lock icon > is not showing) - if it looks the same, and its URL is similar-looking > (l->1, O->0, etc; and with newish Unicode URLs the fun is unlimited).