> OK, you are probably correct that this is just one of the many attacks > possible when connecting to insecure networks. Then, of course, there > is the whole idea of letting an untrusted DHCP server direct one's > browser to an arbitrary web page. Looks like an ideal setup for zero > days and phishing tools. Ideally, we should only process the > redirected page into a fairly tight sandbox... user walks into a coffee-shop and asks for a DHCP-request. gets hit by Mallet. ietf puts head in sand. randy