
To borrow from Eliezer, if you really can't believe something that is happening can happen, then your mental model is wrong.

I originally posted: Every time I have hit this message, it has been mostly irrelevant to me and disrupted what I was doing

[I'm no longer so certain - I can't be sure my router configs haven't been stolen by a MITM attack. I suppose I really ought to find out how to generate and install SSL certificates from a trusted root on them, and post them to someone at the remote sites on an encrypted pen drive.]

I manage a fair amount of networking kit, I find Google results to mailing lists with mysterious and pointless SSL connections. As someone posted in the "End of the Windows Era" thread: "I don't care what OS you have, as long as you have a reasonable browser". This isn't reasonable behaviour.

SSL does not prove anything useful - at the very most that you are connecting to the site your browser intended to connect to, assuming the site DNS hasn't been hacked.

Anyone can pay $20 and get a valid certificate and that doesn't mean you should trust them with your bank account details. Any site with a valid SSL cert might have been hacked behind the SSL termination. If you're scared of MITM attacks, aren't you just as scared of valid SSL certificates on sites with fake DNS or hacked servers?




The security of the DNS and the security of SSL are unrelated. This is one of those Reddit memes that won't die. You can claim to be bankofamerica.com all you want, but you cannot complete an SSL exchange with a signed certificate that says so.


Why not?

If Eve can take control of DNS and redirect bankofamerica.com to an IP on her servers, and it goes to a webserver with a certificate signed for "bankofamerica.com" by a widely trusted CA, then the browser will load it without complaint and show it as a padlocked site.

The only guard seems to be whether she can get any certificate company to sign a certificate for bankofamerica.com. Since it's cheap and easy to get basic SSL certificates from many places, this doesn't seem a very difficult obstacle for her to overcome with a bit of forging, social engineering, insider access, bribery, etc.

(I imagine that she could go to the real bankofamerica.com, save the certificate details it presents, and pass them on MITM style - but hope there are replay-prevention techniques involved. This doesn't affect the question above, though).
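An added toy model of the exchange being argued about (not from the thread; textbook RSA with tiny constructed primes, so nothing here is real cryptography): the client checks that the certificate is signed by a CA it trusts, that the name matches, and that the peer can sign a fresh nonce with the certificate's private key, which is the step a replayed real certificate fails. The names and nonce are constructed placeholders.

```python
import hashlib

def next_prime(n):
    # Smallest prime >= n by trial division; only for toy key sizes.
    while any(n % k == 0 for k in range(2, int(n ** 0.5) + 1)):
        n += 1
    return n

def make_key(seed):
    # Textbook RSA with two ~1e6 primes: a toy, not a real key.
    p = next_prime(seed)
    q = next_prime(p + 1)
    n, e = p * q, 65537
    return (n, e), (n, pow(e, -1, (p - 1) * (q - 1)))

def digest(data):
    # SHA-256 truncated to 32 bits so it fits under the toy modulus.
    return int.from_bytes(hashlib.sha256(data).digest()[:4], "big")

def sign(priv, data):
    n, d = priv
    return pow(digest(data) % n, d, n)

def verify(pub, data, sig):
    n, e = pub
    return pow(sig, e, n) == digest(data) % n

def issue_cert(issuer_priv, name, subject_pub):
    # A certificate binds a name to a public key under the issuer's signature.
    body = f"{name}|{subject_pub[0]}|{subject_pub[1]}".encode()
    return {"name": name, "pub": subject_pub, "body": body, "sig": sign(issuer_priv, body)}

def client_handshake(trusted_ca_pub, expected_name, cert, peer_sign):
    # Browser-side checks: trusted issuer, name match, then proof that the peer
    # holds the private key by signing a fresh nonce (TLS CertificateVerify).
    if not verify(trusted_ca_pub, cert["body"], cert["sig"]):
        return "reject: not signed by a trusted CA"
    if cert["name"] != expected_name:
        return "reject: name mismatch"
    nonce = b"constructed-client-random-0001"  # fresh per handshake, so old answers do not replay
    if not verify(cert["pub"], nonce, peer_sign(nonce)):
        return "reject: peer cannot prove possession of the private key"
    return "ok"

def scenarios():
    ca_pub, ca_priv = make_key(1_000_000)
    bank_pub, bank_priv = make_key(2_000_000)
    eve_pub, eve_priv = make_key(3_000_000)
    site = "bankofamerica.com"
    real = issue_cert(ca_priv, site, bank_pub)
    forged = issue_cert(eve_priv, site, eve_pub)  # Eve signs with her own, untrusted "CA"
    return {
        "genuine server": client_handshake(ca_pub, site, real, lambda m: sign(bank_priv, m)),
        "dns hijack + forged cert": client_handshake(ca_pub, site, forged, lambda m: sign(eve_priv, m)),
        "dns hijack + replayed real cert": client_handshake(ca_pub, site, real, lambda m: sign(eve_priv, m)),
    }
```

The model assumes the trusted CA only ever signs the name for its rightful owner; a CA that mis-issues, as the rest of the thread discusses, defeats the first check, not the protocol.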


The premise of your argument is that it is "cheap and easy" to get a certificate signed by a CA trusted by Firefox and IE for a "bankofamerica.com" domain.

It is not "cheap and easy" to get that certificate. As evidence for that argument, I put forth the fact that no criminal has ever managed to do it.

Now you're starting to see why certificates are so important to security of SSL!


It was cheap and easy to "steal" Microsoft's certificate in 2001. http://cc.uoregon.edu/cnews/spring2001/mstheft.html


That event was so rare that it made national news, hasn't happened since, and has never happened to a financial institution.

If your argument is that Verisign sucks, though, I won't contest it. I'm not saying the CA business model is good; I'm saying that it's silly to say you can run SSL without CAs.


Use the star (*) symbol on both sides of the text to italicize.



