>HTTPS cannot be spoofed, its part of the security involved with the SSL layer.
Technically, HTTPS -can- be spoofed, using a wildcard trusted certificate for *. I know that BlueCoat supports this kind of interception to be able to scan HTTPS traffic. It's basically a trusted MITM attack.
The main disadvantage IMO is that the check on the clientside whether the certificate is valid or not becomes impossible.
Joost
Received on Fri Apr 10 2009 - 06:22:09 MDT
This archive was generated by hypermail 2.2.0 : Fri Apr 10 2009 - 12:00:03 MDT