isndasnu

SSL itself is just as secure as the certificate authority's loyalty to their customers.

On top of that, browsers don't check (without extensions) where the certificate comes from, just if it's signed by any of the trusted authorities - and governments are among them. This means the NSA could intercept your requests to somesite.com, establish a proper SSL connection between them and somesite.com and forward everything to you through a seemingly valid SSL connection.

SSL is fine to protect yourself on open Wifi networks, but it doesn't protect you from government surveillance. At least that's what I understand. I'm not a cryptologist. Please correct me if I'm wrong.

I agree that using SSL is always better, and I don't really understand how MIM attacks with SSL work, but there seems to be at least one proven to be practical attack.

Maybe someone more knowledgeable can chime in.