Man In The Middle is defeated by context. — Bruce Schneier
As has been widely discussed, Firefox 3.0 is a little over-zealous when it encounters an unknown certificate on an SSL website. Where previous versions would just warn the user about the observed irregularities, the new version requires that the user add an exception for every certificate that has an unknown certification chain, is expired or for which the hostname does not match the information in the certificate.
Adding an exception takes four clicks, most met with a stern warning that will deter anyone but the most determined user. Folks who use self-signed certificates as a matter of habit are howling, because they have to tediously make exceptions for all of them. This Firefox feature seems over the top, but is it?