This is similar to the SSH model; the first time you connect,
you're expected to manually check by some means that you're
connecting to the right server. On subsequent connections, you
won't be bothered unless the key changes.
I'll concede that in most cases no-one actually verifies the key in
the first connection case, but at least this requires an attacker
to intercept your *first* connection from a particular client,
rather than just any connection.
I may not verify the key manually, but if my first connection to a
particular server is made over a local network that I trust to be
secure, then I can trust the key my SSH client has saved. This is
not at all an uncommon situation: I set up a new server, I plug my
laptop into the local LAN, I log in to make sure everything works.
Later, when I'm sitting in a restaurant waiting for lunch and my
laptop is connected to an untrusted public wifi network, I know the
key my SSH client saved is legitimate.
This wouldn't be common with HTTP.
--
Andy Lyttle
[EMAIL PROTECTED]
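As an added example, not part of the post and not code from any SSH implementation, here is a small Python model of the trust-on-first-use behaviour described above: the first contact with a host pins its key fingerprint (optionally only after an out-of-band check), and every later contact is compared against the pin, so a changed key is flagged. Host names and keys are constructed stand-ins.

```python
import hashlib
from typing import Callable, Dict, Optional

# Constructed stand-ins for SSH host public keys (not real keys).
SERVER_KEY = b"ssh-ed25519 CONSTRUCTED-legit-server-key"
ROGUE_KEY = b"ssh-ed25519 CONSTRUCTED-different-key"


def fingerprint(key: bytes) -> str:
    """SHA-256 fingerprint of a host key (hex; OpenSSH shows base64)."""
    return hashlib.sha256(key).hexdigest()


class KnownHosts:
    """In-memory stand-in for ~/.ssh/known_hosts with trust-on-first-use."""

    def __init__(self) -> None:
        self._pins: Dict[str, str] = {}

    def check(
        self,
        host: str,
        presented_key: bytes,
        verify_out_of_band: Optional[Callable[[str], bool]] = None,
    ) -> str:
        """Return 'first-use', 'ok', 'mismatch' or 'rejected'.

        verify_out_of_band is a hypothetical hook standing in for the
        manual check a user is expected to do on first contact.
        """
        fp = fingerprint(presented_key)
        saved = self._pins.get(host)
        if saved is None:
            # First contact: nothing to compare against. This is the only
            # window in which a substituted key would be accepted silently.
            if verify_out_of_band is not None and not verify_out_of_band(fp):
                return "rejected"  # user declined; nothing is pinned
            self._pins[host] = fp
            return "first-use"
        if saved == fp:
            return "ok"
        # Pinned key differs: every later connection, including ones made
        # from an untrusted network, is protected by the pin taken earlier.
        return "mismatch"
```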