Josh Triplett <josh@joshtriplett.org> writes: > https:// avoids MITM; If you aren't doing certificate pinning, I don't think you can really say this with a straight face. It makes MITM moderately harder, at the cost of giving money to a bunch of exploitative clowns who have no concept of what security means. -- Russ Allbery (rra@debian.org) <http://www.eyrie.org/~eagle/>