by tptacek 5083 days ago
Stipulate that it's true that Libya owned a browser-trusted CA, and compare situations:

With signed certificates, Libya can MITM (unpinned) certificate-backed TLS sessions.

With signed certificates, random people cannot MITM (any) certificate-backed TLS sessions.

With self-signed certificates, Libya can MITM any TLS session.

With self-signed certificates, random people can MITM any TLS session.

I'm not seeing the argument you're making here.