This is Porges's TypePad Profile.
Porges
Recent Activity
"HTTPS means The Man can't spy on your Internet" ... yeah, not really. http://www.schneier.com/blog/archives/2010/04/man-in-the-midd_2.html
Remember that VeriSign sells interception tools to law enforcement: http://www.verisign.com/static/001927.pdf
A quote from: http://forum.icann.org/lists/net-rfp-verisign/msg00008.html
Verisign also operates a 'Lawful Intercept' service called NetDiscovery [2]. This service is provided to "... [assist] government agencies with lawful interception and subpoena requests for subscriber records [3]."

We believe that under such a service, VeriSign could be required to issue false certificates, ones _unauthorised_ by the nominal owner. Such certificates could be employed in an attack on the user's traffic via the DNS services now under question. Further, the design of the SSL browser system includes a 'root list' of trusted issuers, and a breach of _any_ of these means that the protection afforded by SSL can now be bypassed.

We do not intend to pass comment on the legal issues surrounding such intercepts. Rather, we wish to draw your attention to the fact that VeriSign now operates under a conflict of interest. VeriSign serves both the users of certificates as customers, and also the (legal) interceptors of same. The certificate owner loses in this battle due to straightforward economics, and is thus no longer represented.
Should All Web Traffic Be Encrypted?
The prevalence of free, open WiFi has made it rather easy for a WiFi eavesdropper to steal your identity cookie for the websites you visit while you're connected to that WiFi access point. This is something I talked about in Breaking the Web's Cookie Jar. It's difficult to fix without making ma...
Porges is now following The Typepad Team
Feb 23, 2012
