David P. Reed wrote:

> The mechanism for MITM'ing HTTPS connections is well known. I don't
> intend to detail it here, but it is based on the fact that certs aren't
> properly validated by client-end software and server-end software.

No, this is just not the case. While there are occasionally issues that affect some strange corner case, there are no issues in browsers available on any platforms I know of. It can only be done in Enterprise cases where the Enterprise uses a management system to push new anchors. That part is "well-known".

As for blaming protocols when the fault is bufferbloat, you are definitely right on.