Thinking about I see two possible ways:
1. Put certificate on your computer that show the middle man as Amazon. Here the flaw in the system is that you (the human) trusts that your computer won't lie to you.
2. Get a proxy server that routes request to the CA to new internal CA that has a host of bogus certificates.
Either way, they exploit trust - either human or computer trust.
1. Put certificate on your computer that show the middle man as Amazon. Here the flaw in the system is that you (the human) trusts that your computer won't lie to you.
2. Get a proxy server that routes request to the CA to new internal CA that has a host of bogus certificates.
Either way, they exploit trust - either human or computer trust.