Hi. On Sun, Feb 18, 2018 at 07:30:06AM +0000, Jonathan de Boyne Pollard wrote: > Reco: > > > Browsers do certificate validation, "wrong IP address" would be possible > > if the third party somehow produced a valid certificate for > > wiki.debian.org (you have to be a CA *or* the government to do this) and > > faked a DNS record (that's easy part). > > > One can also do it if one is the person's employer and owns the machine that > the employee is running, no DNS resource record modifications required, > merely the employer as an additional root authority pushed out via group > policy or suchlike and either custom proxy auto-configuration or transparent > proxying at the borders. This has been a known practice for many years, and > there have been for that time a wide range of products sold to employers for > specifically doing this.
It's true, and I'm familiar with the cases like this. But I find it highly unlikely that this hypothetical employer allows using KDE (which is used by OP) at a workplace. Reco