by daysforbeef 3402 days ago
A very senior dev had to have it explained to him that he couldn't do a man-in-the-middle attack on an encrypted stream without the server's private key? With all due respect, and I don't know much about security, but something seems off; maybe you haven't explained the whole story or maybe I'm getting something wrong.
2 comments

I think the implication is that the senior dev conducting the interview wasn't really interrupted (hence the quotes around the word) and that it was just how the realistic interview question was presented.

Senior means different things in different places. More and more developers are considered "senior" just because of experience building basic web apps; that doesn't mean they have a deep understanding of http/s, public/private key crypto, etc...

Not a good thing, but that's how it is in some places.

This doesn't require a deep knowledge of https or public/private crypto though. It requires a very basic knowledge of how encryption works. Although to be fair, you can go a long way without that knowledge.