Compromising the customer computer, for instance by setting up a malicious root certification in to the program or browser belief retail store. SSL/TLS is particularly suited to HTTP, because it can offer some protection regardless of whether just one aspect with the communication is authenticated. This can be the situation http://XXX
