Y
Hacker News
new
|
ask
|
show
|
jobs
by
jstanley
3601 days ago
Delivering a TLS certificate over HTTP is useless as a MITM can simply substitute his own certificate.
1 comments
billpg
3601 days ago
Just like real-world TLS, the browser would validate the certificate before using it. TLS can be MITM'd too - if you can find a way around browser validation of the certificate.
link