On Friday 04 January 2008, Florian Weimer wrote:
> * Stefan Fritsch:
> > I don't agree with this. An attacker can trick a user to accept a
> > certificate for '*' which then allows to do MITM attacks for any
> > websites.
> You still need to subvert IP routing.
Or do DNS spoofing. Or the user uses a TOR exit node or a public WLAN.
Or he uses his own laptop in a company network...
> If you do that, most users will click away the warnings anyway.
But this affects also those users who don't click away warnings.