by uh_oh 4763 days ago
No, he can't. Not without a valid SSL certificate for cryptonote.org. Sure, there are problems with CAs, but it would nevertheless be very difficult to obtain such a certificate.
3 comments

but it would nevertheless be very difficult to obtain such a certificate.

Not if you're the government. Just send the root CA a "National Security Letter" and bob's yer uncle.

We are talking about a random guy in front of the house, not the government.
But the set of "random guys" who might appear in front of your house includes potential government agents.
No, they're nonrandom. And more to the point, it's worth defending against some threats even if you can't cover all.
He can put his root CA into the browser, certainly when the browser is first installed, and perhaps with the next update. (Are automatic browser updates encrypted?)

But this is beside the point of in-browser crypto. The interesting thing is that you need a reliable delivery platform for your crypto code, but this implies you have a TLS connection. So either a third party can break your TLS and modify the crypto code, or your connection is secure in the first place. The scenario you are then dealing with is that the server is potentially malicious, but a malicious server just serves broken crypto.

[Edit spelling]

Or (in enough cases to be a valid concern), not without using sslstrip. Which is trivial.
If you are the recipient of the link, SSL can't be stripped.

Even if you are an author, assuming you have visited the site over SSL at least once, then it can't be stripped on future visits since the site seems to use HSTS.

It is trivial to strip links being sent to a user over unsecured channels.

There are many things that can mitigate an sslstrip style attack, but coverage from those things is patchy.
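The sslstrip/HSTS exchange above turns on one mechanical detail: a browser that has previously seen a Strict-Transport-Security header over HTTPS rewrites later http:// links to https:// before any packet leaves the machine, so there is no plaintext request for an on-path attacker to downgrade; a browser that has never visited the site over HTTPS (or whose policy has expired) sends the plaintext request and is exposed. The following Python model of that cache is an added example written for this page, not code from the thread, from cryptonote.org or from any browser; the header value, host names and timestamps are constructed, and the parsing follows RFC 6797's directive rules as far as shown.

```python
import re
import time
from dataclasses import dataclass
from typing import Dict, Optional, Tuple
from urllib.parse import urlsplit, urlunsplit

# Constructed sample header, the shape an HSTS-enabled site sends over HTTPS.
# The value is an assumption for the example, not any real site's header.
SAMPLE_HSTS_HEADER = "max-age=31536000; includeSubDomains"


@dataclass
class HstsPolicy:
    expires_at: float          # absolute time after which the host is forgotten
    include_subdomains: bool   # whether the policy also covers *.host


def parse_hsts(header: str, now: float) -> Optional[HstsPolicy]:
    """Parse a Strict-Transport-Security value (RFC 6797 section 6.1).

    Returns None for malformed values (missing or non-numeric max-age,
    duplicated directives). max-age=0 parses fine and simply yields an
    already-expired policy, which the store treats as "forget this host"."""
    max_age = None
    include_sub = False
    seen = set()
    for directive in header.split(";"):
        directive = directive.strip()
        if not directive:
            continue
        name, _, value = directive.partition("=")
        name = name.strip().lower()
        if name in seen:
            return None  # the RFC makes a duplicated directive invalid
        seen.add(name)
        if name == "max-age":
            value = value.strip().strip('"')
            if not re.fullmatch(r"\d+", value):
                return None
            max_age = int(value)
        elif name == "includesubdomains":
            include_sub = True
        # unknown directives are ignored, as the RFC requires
    if max_age is None:
        return None
    return HstsPolicy(expires_at=now + max_age, include_subdomains=include_sub)


class HstsStore:
    """Minimal model of the per-host HSTS cache a browser keeps."""

    def __init__(self) -> None:
        self._hosts: Dict[str, HstsPolicy] = {}

    def observe_https_response(self, host: str, header: str, now: float) -> None:
        """Record a policy. Only call this for responses that arrived over a
        *secure* connection: a browser ignores HSTS headers seen over plain HTTP,
        otherwise an attacker could plant or clear policies."""
        policy = parse_hsts(header, now)
        if policy is None:
            return
        if policy.expires_at <= now:          # max-age=0: host is removed
            self._hosts.pop(host.lower(), None)
        else:
            self._hosts[host.lower()] = policy

    def is_known(self, host: str, now: float) -> bool:
        """True if host (or a parent with includeSubDomains) has a live policy."""
        labels = host.lower().split(".")
        for i in range(len(labels)):
            policy = self._hosts.get(".".join(labels[i:]))
            if policy is None or policy.expires_at <= now:
                continue
            if i == 0 or policy.include_subdomains:
                return True
        return False

    def resolve(self, url: str, now: float) -> str:
        """Return the URL the client will actually fetch. An http:// link to a
        known host is upgraded locally, so no plaintext request ever appears
        on the wire for sslstrip to intercept. Unknown hosts go out as-is."""
        parts = urlsplit(url)
        if parts.scheme == "http" and self.is_known(parts.hostname or "", now):
            netloc = parts.netloc[:-3] if parts.netloc.endswith(":80") else parts.netloc
            return urlunsplit(("https", netloc, parts.path, parts.query, parts.fragment))
        return url


def walkthrough() -> Tuple[str, str, str]:
    """Three fetches of the same http:// link, as a recipient of a stripped link
    would make them, at different points in the site's HSTS lifetime."""
    now = 1_700_000_000.0
    store = HstsStore()
    link = "http://example.org/download/crypto.js"   # constructed, plaintext link
    first = store.resolve(link, now)                     # never visited: strippable
    store.observe_https_response("example.org", SAMPLE_HSTS_HEADER, now)
    later = store.resolve(link, now + 3600)              # policy cached: upgraded
    expired = store.resolve(link, now + 31_536_001)      # past max-age: strippable again
    return first, later, expired


if __name__ == "__main__":
    for label, url in zip(("first visit", "after HTTPS visit", "after expiry"), walkthrough()):
        print(f"{label:>18}: {url}")
```

The first and third results are the gap the thread calls patchy coverage: a link delivered over an unsecured channel arrives as http://, and the cache only upgrades it if that exact host (or a parent with includeSubDomains) was already seen over HTTPS within max-age. Everything before that first secure visit is still the plaintext request sslstrip relies on.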