SSL solves it? Not hardly, given that huge numbers of sites use outdated certs and a lot use self-signing. Most people just click 'accept' when asked: they certainly don't look at the cert's content, and even if they did, would they be able to spot a false one, what with VeriSign and others doing minimal verification of applicant identity beyond `do they have a credit card'. (Credit cards are, after all, so very had to get: my friend's daughter could have half a dozen by now, and she's less than a year old).
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds