On 2012-02-06 23:52, ArkanoiD wrote:
> Wait.. It is signed for just one FQDN, what is the point of using it for
> MITM?

The attackers/network operators know/hope that users will just click through any warning. It doesn't have to be a valid cert for the name to function as a successful MITM attack tool. And some clients will blindly accept any certificate without warning the user at all. This is why we need hard-fail for wrong certificates, such as the preloaded or dynamic pins provide, for all protocols (not just HTTPS).
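
The hard-fail behaviour described in the message above, as an added example that is not code from this thread or from any browser: verification either succeeds or raises, with no click-through path. The names `HardFail`, `verify`, `verdict` and the sample hosts and key bytes are assumptions made up for this sketch; chain validation is assumed to happen elsewhere.

```python
import base64
import hashlib

class HardFail(Exception):
    """Fatal verification error: the caller gets no 'continue anyway' path."""

def spki_pin(spki_der: bytes) -> str:
    # Pin = base64(SHA-256(SubjectPublicKeyInfo)), the form used by key pinning.
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode()

def name_covers(pattern: str, host: str) -> bool:
    p, h = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if p.startswith("*."):
        # A wildcard stands for exactly one left-most label.
        return "." in h and h.split(".", 1)[1] == p[2:]
    return p == h

def verify(host, cert_names, chain_spkis, pin_store):
    """Return True, or raise HardFail. Chain validation is assumed done elsewhere."""
    if not any(name_covers(n, host) for n in cert_names):
        raise HardFail(f"certificate is for {cert_names}, not {host}")
    pins = pin_store.get(host.lower())
    if pins is not None and not (pins & {spki_pin(s) for s in chain_spkis}):
        raise HardFail(f"no pinned key in the chain presented for {host}")
    return True

def verdict(host, cert_names, chain_spkis, pin_store):
    try:
        verify(host, cert_names, chain_spkis, pin_store)
        return "accept"
    except HardFail as exc:
        return f"reject: {exc}"

# Constructed sample data: these byte strings stand in for DER-encoded SPKIs.
SITE_KEY = b"constructed-spki-site"
OTHER_KEY = b"constructed-spki-other"
PINS = {"mail.example.com": {spki_pin(SITE_KEY)}}

if __name__ == "__main__":
    # Genuine server, cert for another FQDN, right name but unpinned key.
    print(verdict("mail.example.com", ["mail.example.com"], [SITE_KEY], PINS))
    print(verdict("mail.example.com", ["other.example.net"], [OTHER_KEY], PINS))
    print(verdict("mail.example.com", ["mail.example.com"], [OTHER_KEY], PINS))
```

The third case is the one a name check alone does not catch: the certificate names the right host but carries a key that is not pinned.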
