Hacker News new | past | comments | ask | show | jobs | submit login

Not when the cert has been previously CT and Staple preloaded I suspect?



If a user manually imports a CA, it bypasses protections like CT [1]. This is a feature specifically designed to allow MITM for corporate proxies.

Always seemed like a misfeature to me, but all the browsers do it.

[1] https://chromium.googlesource.com/chromium/src/+/master/net/...


Sounds ridiculous that even when a site host specifically says they want things Stapled and CTd are ignored like that.




Join us for AI Startup School this June 16-17 in San Francisco!

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: