Problems in Validation


What CA signatures do you require, and how do you verify them?

Example: self-signed certs and monkey-in-the-middle

Using webmitm (from the dsniff suite) with a self-signed cert bearing the name "Hotmail, Inc." signed by "Hotmail, Inc.", I have successfully captured my mother's password (the "Mom" test)