by mark_round
188 days ago
That was what I was thinking of (but worded it badly in the middle of my rant!). If I wanted to intercept all your traffic to any external endpoint without detection, I would have to compromise the exact CA that signed your certificates each time, because it would be a clear sign of concern if e.g. Comodo started issuing certificates for Google. Although of course as long as a CA is in my trust bundle then the traffic could be intercepted; it's just that the CT logs would make it very clear that something bad had happened.