Joan Battaglia wrote:
> On Sun, 28 Oct 2007 00:21:24 -0400, Andy Walker wrote:
> > Does this mean that someone with enough of a clue couldn't detect
> > it? No, but then there are so many clueless people out there it
> > would probably fool 99.9% of them.
>
> It would fool me. I don't know what to look for.
> I just used to say yes to all those popups.
Then by your own words you wouldn't be fooled, as you only *used* to
blindly accept certs, and in spite of what Andrew tries to mislead
you into believing, you *would* see those same warnings issued by all
modern browsers at their default settings, and most other software.
Even certs signed by trusted CAs generate errors when they don't match
the site you're visiting, and they would not because they're not issued
in that name. Whether what you type into a navigation bar or click on
is seen by proxy or not is irrelevant. The site you're ultimately
visiting is ABC.com and the cert you're seeing from the proxy belongs
to XYZ.com. The fact that it's signed by a trusted authority actually
strengthens that security and increases the validity of the alerts and
errors, not diminishes them.
Yes, a "high trust" certificate belonging to a third party used in a
data stream is even more obviously erroneous than an "iffy" certificate
substituted for a Joe Blow site's.


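The name check discussed in the post above, as an added example that is not part of the original thread: a client treats issuer trust and hostname match as two independent tests, so a CA-signed certificate for XYZ.com is still rejected when the requested site is ABC.com. The certificate dictionaries are constructed samples in the shape Python's `ssl.getpeercert()` returns, and the function names and the `chain_trusted` flag are assumptions made for illustration.

```python
# Added example: the hostname check is separate from chain validation.
# Certificates below are constructed samples, not real ones.

def _name_matches(pattern, hostname):
    """Compare one DNS name from a certificate with the requested hostname."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False
    # A wildcard is honoured only as the whole left-most label,
    # and only when at least two labels follow it (so "*.com" never matches).
    if p_labels[0] == "*":
        return len(p_labels) >= 3 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def dns_names(cert):
    """DNS entries from the subjectAltName field of a getpeercert()-style dict."""
    return [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]


def evaluate(cert, requested_host, chain_trusted):
    """Return (accepted, reason); both checks must pass independently.

    chain_trusted stands in for the result of issuer/chain validation.
    """
    if not chain_trusted:
        return False, "untrusted issuer"
    if not any(_name_matches(n, requested_host) for n in dns_names(cert)):
        return False, "name mismatch"
    return True, "ok"


# Constructed samples: the site's own cert and a third party's cert.
ABC_CERT = {"subjectAltName": (("DNS", "abc.com"), ("DNS", "*.abc.com"))}
XYZ_CERT = {"subjectAltName": (("DNS", "xyz.com"), ("DNS", "www.xyz.com"))}

if __name__ == "__main__":
    cases = [
        (ABC_CERT, "abc.com", True),   # right cert, trusted issuer
        (XYZ_CERT, "abc.com", True),   # trusted issuer, wrong name
        (ABC_CERT, "abc.com", False),  # right name, untrusted issuer
    ]
    for cert, host, trusted in cases:
        print(host, dns_names(cert), evaluate(cert, host, trusted))
```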