Hacker News new | past | comments | ask | show | jobs | submit login

Delivering a TLS certificate over HTTP is useless as a MITM can simply substitute his own certificate.



Just like real-world TLS, the browser would validate the certificate before using it. TLS can be MITM'd too - if you can find a way around browser validation of the certificate.




Consider applying for YC's first-ever Fall batch! Applications are open till Aug 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: