"sites should be allowed to protect themselves with any cert, even a self-signed one"

Websites are allowed to use whatever cert they like (or none at all).

Equally though, users are also allowed to look at a site with a self-signed cert and say "that looks fucking dodgy".

And a self-signed cert doesn't stop MitM snooping, because there's no way for the end user to know that the cert was signed by the site itself, or by some bit of pass-through spying equipment in between.

