Hacker News new | past | comments | ask | show | jobs | submit login

Not when the cert has been previously CT and Staple preloaded I suspect?



If a user manually imports a CA, it bypasses protections like CT [1]. This is a feature specifically designed to allow MITM for corporate proxies.

Always seemed like a misfeature to me, but all the browsers do it.

[1] https://chromium.googlesource.com/chromium/src/+/master/net/...


Sounds ridiculous that even when a site host specifically says they want things Stapled and CTd are ignored like that.




Applications are open for YC Winter 2020

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: