Compromising the customer Computer system, for instance by putting in a malicious root certificate into the procedure or browser belief retail store. SSL/TLS is especially suited for HTTP, because it can offer some defense even though only one aspect of the interaction is authenticated. This is actually the scenario with http://XXX
