
What I call MITMing is decrypting the payload by impersonating the server (or the client if needed), often with the help of a corporate browser that has been instructed to trust this lie. Most network security appliances do not work like that; they merely listen to the traffic (usually mirrored, no need to be in the middle).

Pretending that this is OK is like pretending that it is OK to send passwords in plain text because "only a bunch of competent professionals could intercept them".

Anyway, Google has proven that this practice can be detected on the server, and I'm confident HSTS plus such server-side detection will make this practice nothing but a waste of money within a few years.

(https://googleonlinesecurity.blogspot.nl/2013/12/further-imp...)
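One way a server can notice an interception proxy, as an added example that is not part of the comment above and is not the technique in the linked Google post: a TLS-terminating proxy rebuilds the ClientHello with its own TLS stack, so the cipher suites and extensions it offers no longer match what the browser named in the User-Agent header would send. The code below parses a raw ClientHello, builds a JA3-style fingerprint string (version, ciphers, extensions, groups, point formats, GREASE values filtered), and compares it with the fingerprint expected for the claimed browser. The ClientHello bytes, the browser name "ExampleBrowser/1.0" and its expected fingerprint are all constructed for this example.

```python
import hashlib
import struct


def build_client_hello(version, ciphers, extensions):
    """Wrap a ClientHello with the given fields in a TLS record.
    extensions is a list of (type, payload) pairs in the order sent."""
    body = struct.pack(">H", version) + b"\x00" * 32          # legacy_version + random
    body += b"\x00"                                            # empty session id
    body += struct.pack(">H", 2 * len(ciphers))
    body += b"".join(struct.pack(">H", c) for c in ciphers)
    body += b"\x01\x00"                                        # one compression method: null
    ext = b"".join(struct.pack(">HH", t, len(p)) + p for t, p in extensions)
    body += struct.pack(">H", len(ext)) + ext
    hs = b"\x01" + len(body).to_bytes(3, "big") + body         # handshake type 1 = ClientHello
    return b"\x16\x03\x01" + struct.pack(">H", len(hs)) + hs   # record type 22 = handshake


def u16_list(values):
    """Encode a 2-byte-length-prefixed list of uint16 values (groups, sigalgs)."""
    return struct.pack(">H", 2 * len(values)) + b"".join(struct.pack(">H", v) for v in values)


# Constructed messages (not real captures). GREASE values 0x0a0a / 0x1a1a are
# included in the genuine hello to show that a fingerprint must drop them.
SNI = struct.pack(">HBH", 14, 0, 11) + b"example.com"       # server_name extension body
GENUINE_HELLO = build_client_hello(
    0x0303,
    [0x0a0a, 0x1301, 0x1302, 0x1303, 0xC02B, 0xC02F],
    [(0x1a1a, b""), (0, SNI), (10, u16_list([0x001D, 0x0017, 0x0018])),
     (11, b"\x01\x00"), (43, b"\x02\x03\x04"), (13, u16_list([0x0403, 0x0804]))],
)
# What an interception proxy's own TLS stack might offer instead.
PROXY_HELLO = build_client_hello(
    0x0303,
    [0xC02F, 0xC030, 0x009C],
    [(0, SNI), (10, u16_list([0x0017, 0x0018])), (11, b"\x01\x00"), (13, u16_list([0x0401]))],
)

# Baseline fingerprint for the (hypothetical) browser, as learned from a known-good client.
KNOWN_BROWSER_FINGERPRINTS = {
    "ExampleBrowser/1.0": "771,4865-4866-4867-49195-49199,0-10-11-43-13,29-23-24,0",
}


def is_grease(v):
    """True for the reserved GREASE values 0x0a0a, 0x1a1a, ..., 0xfafa."""
    return (v & 0x0F0F) == 0x0A0A and (v >> 8) == (v & 0xFF)


def parse_client_hello(record):
    """Return (version, ciphers, extension types, groups, point formats)."""
    if record[0] != 0x16:
        raise ValueError("not a handshake record")
    rec_len = struct.unpack(">H", record[3:5])[0]
    hs = record[5:5 + rec_len]
    if hs[0] != 0x01:
        raise ValueError("not a ClientHello")
    body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
    pos = 0
    version = struct.unpack(">H", body[pos:pos + 2])[0]; pos += 2
    pos += 32                                               # random
    pos += 1 + body[pos]                                    # session id
    cs_len = struct.unpack(">H", body[pos:pos + 2])[0]; pos += 2
    ciphers = [struct.unpack(">H", body[pos + i:pos + i + 2])[0] for i in range(0, cs_len, 2)]
    pos += cs_len
    pos += 1 + body[pos]                                    # compression methods
    exts, groups, formats = [], [], []
    if pos < len(body):
        end = pos + 2 + struct.unpack(">H", body[pos:pos + 2])[0]; pos += 2
        while pos < end:
            t, l = struct.unpack(">HH", body[pos:pos + 4]); pos += 4
            payload = body[pos:pos + l]; pos += l
            exts.append(t)
            if t == 10:                                     # supported_groups
                n = struct.unpack(">H", payload[:2])[0]
                groups = [struct.unpack(">H", payload[2 + i:4 + i])[0] for i in range(0, n, 2)]
            elif t == 11:                                   # ec_point_formats
                formats = list(payload[1:1 + payload[0]])
    return version, ciphers, exts, groups, formats


def ja3_string(record):
    """JA3-style fingerprint string: version,ciphers,extensions,groups,formats."""
    version, ciphers, exts, groups, formats = parse_client_hello(record)
    return ",".join([
        str(version),
        "-".join(str(c) for c in ciphers if not is_grease(c)),
        "-".join(str(e) for e in exts if not is_grease(e)),
        "-".join(str(g) for g in groups if not is_grease(g)),
        "-".join(str(f) for f in formats),
    ])


def ja3_hash(record):
    return hashlib.md5(ja3_string(record).encode()).hexdigest()


def looks_intercepted(record, user_agent):
    """True if the ClientHello does not match the claimed browser, False if it
    does, None if the browser is unknown and no judgement is possible."""
    expected = KNOWN_BROWSER_FINGERPRINTS.get(user_agent)
    if expected is None:
        return None
    return ja3_string(record) != expected


if __name__ == "__main__":
    for name, hello in (("genuine", GENUINE_HELLO), ("proxy", PROXY_HELLO)):
        print(name, ja3_hash(hello), looks_intercepted(hello, "ExampleBrowser/1.0"))
```

The check is only as good as the baseline table: browsers change their ClientHello between releases, so the expected fingerprints have to be refreshed, and a mismatch is evidence of interception rather than proof, since the User-Agent itself can be spoofed.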



