> getting someone else's computer to accept a rogue root CA is a big deal
IMO not necessarily. See this part of what I said:
> telling their users to trust a certificate signed by them, without properly explaining the consequences of that. And a lot of novice users would likely use that proxy service. Gleefully unaware that even the “encrypted” traffic is completely visible to the proxy.
But in addition to that, note that where I was using the word “only” was specifically in the part of my comment where I was talking about how I set up Squid for myself using my own Raspberry Pi and my own personal computer.
IMO not necessarily. See this part of what I said:
> telling their users to trust a certificate signed by them, without properly explaining the consequences of that. And a lot of novice users would likely use that proxy service. Gleefully unaware that even the “encrypted” traffic is completely visible to the proxy.
But in addition to that, note that where I was using the word “only” was specifically in the part of my comment where I was talking about how I set up Squid for myself using my own Raspberry Pi and my own personal computer.