You are reading a single comment by @jellybaby and its replies.
Click here to read the full conversation.
jellybaby-
They can't.
The protocol explicitly includes features to prevent state level MITM. So appliances in the workplace are fucked.
Together with other measures in TLS and DNS there's nothing that those legacy appliances can do.
Work authorised browsers would the only way to MITM, perhaps with browser certifying itself to force you to use it... But now it isn't a transparent MITM as the browser is just an authorised client.
Velocio
They're going to hate the future 😁
But thankfully http3 falls back to http2