I don't think IE supports pinning, though, so if they could reliably detect the browser at the TLS handshake stage (don't know if it's possible) they could in theory serve their own cert to those users.
> so if they could reliably detect the browser at the TLS handshake stage (don't know if it's possible)
It's possible and easy, the list of ciphers in the ClientHello is different. Take a look at https://www.ssllabs.com/ssltest/clients.html to see what several popular browsers look like.
It's possible and easy, the list of ciphers in the ClientHello is different. Take a look at https://www.ssllabs.com/ssltest/clients.html to see what several popular browsers look like.