In
http://www.mozdev.org/pipermail/petname/2009-February/000019.html, Tyler Close, the author of the Petname add-on for Firefox says that Petname no longer binds the chosen petname to the SSL certificate but to the origin (URL scheme, hostname, port number). He references Collin Jackson's research on origin granularity in browsers at
http://crypto.stanford.edu/websec/origins/ as justification for this change.
This is ok, but I'd also like to be alerted when the certificate changes for a site that I regularly visit. If I visit
https://sometime.com/ and an attacker steals or cache-poisons that domain name using a valid SSL certificate (but not the one from the real owner of the site), then Petname can't help me.
--
Fran