
There is a massive hypocrisy in browser vendors getting hysterical about self signed certs while letting MITM proxies operate with impunity or worse working with them.

Why isn't there an effort to detect MITM proxies and post equally scary warnings? Surely users have a right to know.

MITM is worse than self signed certs and if 'exceptions' can be found for MITM like corporate security, management etc then the same exceptions should be found for self signed certs for individuals rather than creating dependencies on CA 'authorities'. This is just another instance of furthering corporate interests while sacrificing individuals.




How can a browser distinguish between a self-signed server certificate, and a MITM proxy presenting a self-signed server certificate?

The scary warnings for self-signed certificates are in fact a protection against MITM. It's because of them that MITM proxies are forced to install a CA certificate. The main difference is that installing a CA certificate requires explicit action in the browser (and on some newer systems displays scary warnings), while if a MITM proxy could simply present a fake self-signed certificate, it could easily intercept anyone. Therefore, self-signed certificates are strictly worse.


Why do you prefer a self signed certificate instead of using Let's Encrypt?

You can create a self signed CA and add it to trusted roots to avoid warnings.


Because it does not rely on any 'authority'. The increasingly scary warnings by browser vendors are in stark contrast to zero interest in detecting MITMs and warning users. The next step could very well be disabling the ability to add exceptions for self signed certs.

Why not promote content encryption or explore other ideas that do not rely on central authorities? We can see there are always workarounds for corporates, but individuals are thrown under the bus.



