|
|
|
|
|
|
by geococcyxc
4595 days ago
|
|
|
Care to elaborate? I do not think you will get a warning if the MITM is done with a certificate signed by a valid CA, even if you have approved some self-signed certificate before for that site. At least I have never seen this in any browser. |
|
|
CAs will always be able to MITM you. Like I said: "the notion of CAs is problematic."
There are two caveats:
1) certificate pinning: your browser has a hard-coded list of certificates for all major websites (e.g. Chromium: https://code.google.com/p/chromium/codesearch#chromium/src/n... (scroll down!))
2) there are add-ons (ie Certificate Patrol) that warn you when the certificate changes