[georgecalm]

It’s possible and is what Charles and MITM proxies do. Specifically, Charles generates its own certificates for sites, which it signs using a Charles Root Certificate. So the clients of this proxy would accept the proxy’s CA and continue as usual. This of course does make browsing less secure, as a compromised proxy negates the security of https of all of the proxied websites. A slightly more secure but less efficient caching solution is to install the proxy locally, but then, of course, the cache isn’t shared.

[mehrdadn]

Can local certificates not be restricted to the few domains you want cached, so that the user can be sure their browser isn't using the local proxy's certificate for anything other than the sites approved on the certificate (like Wikipedia)? I would've thought this is possible, but if not, I feel like browsers should implement the ability to restrict local certificates to specific sites. It shouldn't be hard. They'd obviously have to still upgrade their browsers but then they wouldn't have to twiddle their thumbs waiting for every website to implement its own service workers (or not end up doing so).

[georgecalm]

Yes, come to think of it, that’s possible either manually or with a PAC file. It seems like a decent compromise too to whitelist the proxied sites the weakened security of which you are willing to tolerate, at least in the case where the alternative is not being able to teach/learn in that area, as in Eric’s case.