by kodablah 3104 days ago
> This is how the system was meant to work.

No, not across all applications on your computer. This is not about using your own CA, it's about making other software use your CA. They could just issue an update to their software to trust their own certs instead of infecting the rest of the OS.


They could. That would be a bit tricky though since http libs usually use the shared system cert store.
This is nonsense (the tricky part), esp. when it comes to a software giant such as Blizzard. Virtually any SSL/HTTPS library allows custom certs that can be shipped along with the executable. It's awfully common to see clients (enterprise) with a trust-all keystore.
Any reasonable one would allow you to change the trust store or approach programmatically.
My argument was that centralizing trust as a service is unsustainable. That's all.
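
An added illustration of the approach discussed in this thread (not code from any commenter or from Blizzard): a Go HTTP client that trusts only a certificate shipped with the application and never reads or modifies the OS certificate store. The helper names `newPinnedClient` and `demo` are hypothetical, and the server certificate is the constructed test certificate built into Go's `net/http/httptest`.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// newPinnedClient returns an HTTP client that trusts only the CAs in roots.
// A non-nil RootCAs pool replaces the system store for this client only.
func newPinnedClient(roots *x509.CertPool) *http.Client {
	return &http.Client{Transport: &http.Transport{
		TLSClientConfig: &tls.Config{RootCAs: roots, MinVersion: tls.VersionTLS12},
	}}
}

// demo starts a local TLS server whose certificate no system store trusts
// (constructed test data from net/http/httptest) and connects to it twice.
func demo() (bundledErr, emptyErr error) {
	srv := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprint(w, "ok")
	}))
	defer srv.Close()

	// App-private pool: only the certificate the application ships with.
	bundled := x509.NewCertPool()
	bundled.AddCert(srv.Certificate())
	if resp, err := newPinnedClient(bundled).Get(srv.URL); err != nil {
		bundledErr = err
	} else {
		resp.Body.Close()
	}

	// Control: a pool without that certificate must reject the same server.
	if resp, err := newPinnedClient(x509.NewCertPool()).Get(srv.URL); err != nil {
		emptyErr = err
	} else {
		resp.Body.Close()
	}
	return bundledErr, emptyErr
}

func main() {
	bundledErr, emptyErr := demo()
	fmt.Println("bundled pool:", bundledErr)
	fmt.Println("empty pool:  ", emptyErr)
}
```

The trust decision stays scoped to the one client: other software on the machine is unaffected, which is the opposite of installing a root CA system-wide.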