Hacker News

fc417fc802 today at 1:21 AM (2 replies)

I don't believe it's supposed to proactively check the logs as that would inevitably break in the presence of properly configured MITM middleboxes which are present on many (most?) corporate networks.

The point of the logs as I understand it is to surface events involving official CAs after the fact.


Replies

l2dy today at 1:50 AM

Clients are supposed to check. For example, Apple requires a varying number of SCTs in order for Safari to trust server certificates. https://support.apple.com/en-us/103214

And yes, it does break MITM use cases, for example on Chrome: https://httptoolkit.com/blog/chrome-android-certificate-tran...

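To make the SCT requirement concrete, here is an added example (it is not code from the thread, from Apple or from Chrome) that decodes the RFC 6962 SignedCertificateTimestampList a CA embeds in a certificate (the OCTET STRING body of extension OID 1.3.6.1.4.1.11129.2.4.2) and applies a "number of SCTs scales with validity period" rule of the kind the comment describes. The policy table, the distinct-log-ID rule and the sample SCTs are all assumptions for illustration; real clients also verify each SCT signature against a list of known logs, which this example does not do.

```python
"""
Added example: parse an embedded RFC 6962 SCT list and apply an assumed
SCT-count policy. Signatures are parsed but NOT verified.
"""
import struct
from dataclasses import dataclass


@dataclass(frozen=True)
class SCT:
    version: int        # 0 = v1 (RFC 6962)
    log_id: bytes       # SHA-256 of the log's public key, 32 bytes
    timestamp_ms: int   # milliseconds since the Unix epoch
    extensions: bytes
    hash_alg: int       # TLS HashAlgorithm (4 = sha256)
    sig_alg: int        # TLS SignatureAlgorithm (3 = ecdsa)
    signature: bytes


def _u16(b: bytes, pos: int) -> int:
    if pos + 2 > len(b):
        raise ValueError("truncated length field")
    return struct.unpack(">H", b[pos:pos + 2])[0]


def parse_sct(blob: bytes) -> SCT:
    """Decode one SignedCertificateTimestamp (RFC 6962 section 3.2)."""
    if len(blob) < 43:
        raise ValueError("SCT too short")
    version = blob[0]
    if version != 0:
        raise ValueError(f"unsupported SCT version {version}")
    log_id = blob[1:33]
    timestamp_ms = struct.unpack(">Q", blob[33:41])[0]
    ext_len = _u16(blob, 41)
    pos = 43
    extensions = blob[pos:pos + ext_len]
    pos += ext_len
    if len(extensions) != ext_len or pos + 4 > len(blob):
        raise ValueError("SCT extensions/signature truncated")
    hash_alg, sig_alg = blob[pos], blob[pos + 1]
    sig_len = _u16(blob, pos + 2)
    pos += 4
    signature = blob[pos:pos + sig_len]
    if len(signature) != sig_len or pos + sig_len != len(blob):
        raise ValueError("SCT signature length mismatch")
    return SCT(version, log_id, timestamp_ms, extensions, hash_alg, sig_alg, signature)


def parse_sct_list(data: bytes) -> list[SCT]:
    """Decode a SignedCertificateTimestampList: u16 total length, then u16-prefixed SCTs."""
    total = _u16(data, 0)
    if 2 + total != len(data):
        raise ValueError("SCT list length mismatch")
    scts, pos = [], 2
    while pos < len(data):
        n = _u16(data, pos)
        pos += 2
        if pos + n > len(data):
            raise ValueError("SCT entry truncated")
        scts.append(parse_sct(data[pos:pos + n]))
        pos += n
    return scts


def encode_sct_list(scts: list[SCT]) -> bytes:
    """Inverse of parse_sct_list; used here only to build constructed input."""
    entries = b""
    for s in scts:
        body = (bytes([s.version]) + s.log_id + struct.pack(">Q", s.timestamp_ms)
                + struct.pack(">H", len(s.extensions)) + s.extensions
                + bytes([s.hash_alg, s.sig_alg])
                + struct.pack(">H", len(s.signature)) + s.signature)
        entries += struct.pack(">H", len(body)) + body
    return struct.pack(">H", len(entries)) + entries


# ASSUMED policy table (illustrative only): embedded SCTs required as a
# function of validity period in days. Apple's and Chrome's real tables are
# published by them and change over time; consult those, not this.
REQUIRED_SCTS_BY_VALIDITY_DAYS = ((180, 2), (825, 3), (1187, 4))


def required_sct_count(validity_days: int) -> int:
    for max_days, n in REQUIRED_SCTS_BY_VALIDITY_DAYS:
        if validity_days <= max_days:
            return n
    return 5


def sct_policy_ok(ext_value: bytes, validity_days: int) -> bool:
    """True if the list carries enough SCTs from distinct logs (assumed rule:
    one log's SCT repeated does not count twice). Malformed input fails closed."""
    try:
        scts = parse_sct_list(ext_value)
    except ValueError:
        return False
    return len({s.log_id for s in scts}) >= required_sct_count(validity_days)


# Constructed sample input: fake log IDs and a dummy DER-shaped signature.
SAMPLE_SCTS = [
    SCT(0, bytes([i]) * 32, 1_700_000_000_000 + i, b"", 4, 3,
        b"\x30\x06\x02\x01\x01\x02\x01\x01")
    for i in (1, 2)
]
SAMPLE_SCT_LIST = encode_sct_list(SAMPLE_SCTS)

if __name__ == "__main__":
    for s in parse_sct_list(SAMPLE_SCT_LIST):
        print(f"log {s.log_id[:4].hex()}... timestamp {s.timestamp_ms}")
    print("90-day cert ok:", sct_policy_ok(SAMPLE_SCT_LIST, 90))    # True
    print("2-year cert ok:", sct_policy_ok(SAMPLE_SCT_LIST, 730))  # False, needs 3
```

The length checks matter: the list is a TLS-style nested length-prefixed structure, and a parser that trusts the inner lengths will happily read past a truncated blob. Whether the check is applied at all to a chain ending in a privately installed root is a client policy decision outside this parser.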
Melatonic today at 3:52 AM

Corporate machines would have the proper certs pushed to them for the MITM box to work though - would that affect this?
