hossein alipour
Sep 2, 2018 · 1 min read

Could you please explain third paragraph from last(“ To trick the client that he is…”) a little bit more?

supposing the middle man is the one who has always had the access to user network stream, and for every ssl connection create his own public/private key, why not he couldn’t forge a new SSL Certificate? and why user would know that it’s invalid?

    hossein alipour

    Written by

    Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch
    Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore
    Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade