We use HSTS to force SSL, we do certificate pinning, the DNS uses DNSSEC.
A decade ago that proposal would work, but now you'd find parts of the internet broken and with each day more parts would break. The very thing you propose is in essence what state level surveillance did at times, and also what advertisers try and do... the internet is building defences against this.
You can capture packets to your hearts content, but it will all be encrypted and your chances of decrypting are low. You can MITM too, but you will break a lot of stuff when the chain of security breakage is detected.
Interesting, I thought this happened at my office (using Dell Sonicwall). Lfgss shows up as HTTPS but with a red line through it and the certificate being the firm, not lfgss. Or is that something different?
Wouldn't work on LFGSS.
We use HSTS to force SSL, we do certificate pinning, the DNS uses DNSSEC.
A decade ago that proposal would work, but now you'd find parts of the internet broken and with each day more parts would break. The very thing you propose is in essence what state level surveillance did at times, and also what advertisers try and do... the internet is building defences against this.
You can capture packets to your hearts content, but it will all be encrypted and your chances of decrypting are low. You can MITM too, but you will break a lot of stuff when the chain of security breakage is detected.