The ability to issue a malicious certificate gives you the ability to instantly mim any https connection.
So about as bad as it gets. Worse, because the user is under the impression there is at least some security on the connection which changes their behavior. - for example most users would now not enter financial details on a non https connection.
Does anyone know if there is a log stored in windows 10 of what root authorities were used by different domains?
I wasn't talking about this particular concern (which I agree with as being severe). Mine is with the mindset behind "perfect security" leading to worse security, that's all.
So about as bad as it gets. Worse, because the user is under the impression there is at least some security on the connection which changes their behavior. - for example most users would now not enter financial details on a non https connection.
Does anyone know if there is a log stored in windows 10 of what root authorities were used by different domains?