Re: Techie question....
> I'm not an expert, but I'm pretty sure this would make a MITM attack even easier.
Only if you use a self-signed cert in an overly-simplistic manner.
> it could just be any old certificate
...But would it have the same fingerprint as mine?
I carry a piece of paper in my wallet with my fingerprint on it for exactly this reason; I can tell instantly if a corporate cert is being used (because I don't get warned about my invalid cert), and I get a fingerprint to check if there's any doubt.
I used to consider myself somewhat paranoid, but recent revelations have shown I'm simply not paranoid enough...
Vic.
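
The check described in the post above, as an added example that is not part of the original message: compare the presented certificate's fingerprint with the one written down, and treat a missing warning as a sign that a trusted substitute certificate is in the path. SHA-256 as the fingerprint algorithm, the function names, and the sample byte strings are assumptions made for illustration.

```python
import hashlib
import ssl

# Constructed stand-ins for DER-encoded certificates (not real certificates).
OWN_DER = b"constructed-DER-bytes-of-my-self-signed-cert"
PROXY_DER = b"constructed-DER-bytes-of-an-intercepting-proxy-cert"


def fingerprint(der: bytes) -> str:
    """SHA-256 over the DER encoding, as lowercase hex (assumed algorithm)."""
    return hashlib.sha256(der).hexdigest()


def paper_format(hex_fp: str) -> str:
    """Render a fingerprint the way it is usually written down: AA:BB:CC..."""
    return ":".join(hex_fp[i:i + 2] for i in range(0, len(hex_fp), 2)).upper()


def normalize(fp: str) -> str:
    """Drop separators and case so a hand-copied fingerprint compares cleanly."""
    return "".join(ch for ch in fp if ch.isalnum()).lower()


def fetch_der(host: str, port: int = 443) -> bytes:
    """Fetch the server's leaf certificate without validating it (needs network)."""
    pem = ssl.get_server_certificate((host, port))
    return ssl.PEM_cert_to_DER_cert(pem)


def classify(presented_der: bytes, pinned_fp: str, warned: bool) -> str:
    """warned: did the client warn that the certificate is untrusted?"""
    if fingerprint(presented_der) == normalize(pinned_fp):
        return "own-cert"            # the fingerprint on paper matches
    if not warned:
        return "trusted-substitute"  # no warning: a CA-trusted cert replaced mine
    return "unknown-cert"            # warning shown, but not my certificate
```

Against a live server, pass `fetch_der(host)` as `presented_der`; the constants above only exercise the comparison offline.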