by fijal 5087 days ago
For what it's worth, Libya owned a trusted CA (maybe still does), which means that MITM would happily work, because they can transfer all the certs to their own authority. I don't personally see how this is more secure than my self-signed certificate, which generates a warning that's very hard to avoid these days (even if I do know that the cert is fine).
1 comment

Stipulate that it's true that Libya owned a browser-trusted CA, and compare situations:

With signed certificates, Libya can MITM (unpinned) certificate-backed TLS sessions.

With signed certificates, random people cannot MITM (any) certificate-backed TLS sessions.

With self-signed certificates, Libya can MITM any TLS session.

With self-signed certificates, random people can MITM any TLS session.

I'm not seeing the argument you're making here.