Do you trust certificate authorities? Do you trust the Chinese govt? Russian?
While I agree in principal, in practice https is not very resilient to the attacks you mentioned because CAs are demonstrably [1,2,3] not trustworthy despite being baked into your browser.
While I agree in principal, in practice https is not very resilient to the attacks you mentioned because CAs are demonstrably [1,2,3] not trustworthy despite being baked into your browser.
1: https://en.m.wikipedia.org/wiki/DigiNotar
2: https://therecord.media/mongolian-certificate-authority-hack...
3: https://arstechnica.com/information-technology/2022/11/state...