Client-side SSL/TLS MITM, compromised CA and server impersonation detection

38 points by cbolat, over 11 years ago

3 comments

geoffhill, over 11 years ago
I like this idea a lot!

A less powerful solution implemented completely locally: A "known_hosts" file for SSL certificates for repeat visits. As long as you've visited a site once before, any subsequent visits will be safe.

To deal with certificate upgrades, certificate Y could present a signed verification that it obsoletes a past certificate X. Then, when a client that trusts certificate X receives certificate Y, it can update its "known_hosts" file accordingly. This change would require more than just local changes, but remote cooperation.
Nanzikambe, over 11 years ago
Interesting, but doesn't this pretty much assume that the MITM isn't occurring in the last hops of the path to the server?

If all paths (including those through Tor) lead through a piece of compromised infrastructure (a rogue access-point like a pineapple, or subverted router) both will report that the site uses the same certificate despite the MITM.
jarito, over 11 years ago
How is this different from convergence.io? What does using Tor offer over Moxie's approach? An existing network of machines?