> 4) Use an untrusted or invalid certificate. > > We can debate about 4) for a long time We can debate about "untrusted", but we don't need to do that for "invalid".