>HTTPS cannot be spoofed, its part of the security involved with the SSL layer. Technically, HTTPS -can- be spoofed, using a wildcard trusted certificate for *. I know that BlueCoat supports this kind of interception to be able to scan HTTPS traffic. It's basically a trusted MITM attack. The main disadvantage IMO is that the check on the clientside whether the certificate is valid or not becomes impossible. Joost
