On 23/10/2008, at 21:38 , Peter Barker wrote: > I'd have thought that connection would be secure; the ISP can > verify certificates as well as you can :) And since they're doing > a MitM attack against you, they can even present you with a bad- > certificate message (with advertising). Why would they bother? Alex