Talk:Transport Layer Protection Cheat Sheet
Make the warning about "no such thing as internal network" more prominent. There are several types of attacks that can be conducted by using ARP spoofing and MitM an SSL/TLS session. One of the most interesting is hijacking credentials to virtual machine provisioning interfaces, then reusing the credentials to create malicious VMs, boot existing VMs off of untrusted media, etc. I think this is an overlooked issue with SSL since most of the focus is on ecommerce.
Second, add a paragraph regarding the BEAST attack and mitigations present in later version of the TLS spec. Urge adoption of modern TLS implementations.