zlacker

A successful mitm with an injected trusted cert should appear 100% valid to the browser. That's the point. According to your device setup the connection has not been tampered because you as the device owner allowed a new root cert to be trusted.

The rest is just fear mongering, I'm sorry, not sure how to phrase that more elegantly or politely. I'm not an uber smart domain expert wrt certs, but we shouldn't have to be to know that valid device MITM with certs is a normal use case. And it shouldn't be used as a boogeyman man on layman users.