A few years ago there was news like the German/Russian MITM involving false certs again; the recommendation was to use certificate transparency (a post-2013 tech) more thoroughly. It's hard for me to do that, as I don't tend to have secure systems; compromises could be integrated along the path.

I was thinking a little about this MITM, and about my own experiences of having even new devices become quickly compromised (a scary thing). What if it is even just shortly after boot? How would this be done? Well, this example shows the attackers simply registered new certificates using normal certificate authorities. For example, with Let's Encrypt, if you have physical access to the target's routing infrastructure, I imagine you can simply spoof their server to get falsified certificates for it that any system would verify. Such a technique would be greatly helpful in compromising new devices purchased by a target, if you had certificates for things that would let you access it.

Often I think: how can I verify certificates if my devices could be compromised? [some amnesia confusion here] But I think there's a little interestingness: maybe certificate compromises could be part of how the devices are compromised. The reason is I've gotten some weird certs over the years, for example changing every week or something. It gives a potential avenue for finding a little security, having something to think about.
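The post raises two practical questions: whether a leaf certificate carries any certificate-transparency evidence, and how to notice that the cert a host presents keeps changing. The Go program below is an added example written for this page, not code from the post's author. It records the SHA-256 fingerprint of each leaf per host (trust on first use), flags a fingerprint that differs from the one last seen, flags a validity period shorter than a configured threshold, and checks for the embedded SCT-list extension from RFC 6962 (OID 1.3.6.1.4.1.11129.2.4.2). The host name `example.test`, the `PinStore`/`Check`/`MakeTestCert` names and the self-signed certificates it builds are constructed for the demonstration; the SCT extension on the constructed cert holds placeholder bytes, so only the presence of the extension is checked, not the log signatures.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"encoding/hex"
	"fmt"
	"math/big"
	"time"
)

// OID of the embedded SCT list extension (RFC 6962 section 3.3). SCTs may also be
// delivered in a TLS extension or via OCSP stapling, which this check does not see.
var oidSCTList = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 11129, 2, 4, 2}

// Finding is what the checker concluded about one observed leaf certificate.
type Finding struct {
	Fingerprint string // SHA-256 of the DER encoding, hex
	HasSCTs     bool   // carries the embedded SCT list extension
	Changed     bool   // differs from the fingerprint pinned for this host
	ShortLived  bool   // validity period shorter than the configured threshold
}

// PinStore remembers the last fingerprint seen per host (trust on first use).
type PinStore map[string]string

// Fingerprint hashes the DER, the value `openssl x509 -fingerprint -sha256` prints.
func Fingerprint(cert *x509.Certificate) string {
	sum := sha256.Sum256(cert.Raw)
	return hex.EncodeToString(sum[:])
}

// HasEmbeddedSCTs reports whether the leaf carries the SCT list extension.
// Presence only: verifying the log signatures needs the logs' public keys.
func HasEmbeddedSCTs(cert *x509.Certificate) bool {
	for _, ext := range cert.Extensions {
		if ext.Id.Equal(oidSCTList) {
			return true
		}
	}
	return false
}

// Check records the leaf for host in store and flags anything worth a closer look.
func Check(store PinStore, host string, cert *x509.Certificate, minLifetime time.Duration) Finding {
	fp := Fingerprint(cert)
	prev, seen := store[host]
	store[host] = fp
	return Finding{
		Fingerprint: fp,
		HasSCTs:     HasEmbeddedSCTs(cert),
		Changed:     seen && prev != fp,
		ShortLived:  cert.NotAfter.Sub(cert.NotBefore) < minLifetime,
	}
}

// MakeTestCert builds a constructed self-signed leaf for this demonstration only.
// When withSCT is set the extension holds placeholder bytes, not real log SCTs.
func MakeTestCert(host string, lifetime time.Duration, withSCT bool) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	now := time.Now()
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: host},
		DNSNames:     []string{host},
		NotBefore:    now,
		NotAfter:     now.Add(lifetime),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	if withSCT {
		placeholder, _ := asn1.Marshal([]byte{0x00, 0x00}) // OCTET STRING wrapper, constructed payload
		tmpl.ExtraExtensions = []pkix.Extension{{Id: oidSCTList, Value: placeholder}}
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

func main() {
	store := PinStore{}
	week := 7 * 24 * time.Hour
	first, _ := MakeTestCert("example.test", 90*24*time.Hour, true)
	fmt.Printf("first sight: %+v\n", Check(store, "example.test", first, week))
	// A new leaf with no CT evidence and a six-day lifetime trips all three flags.
	second, _ := MakeTestCert("example.test", 6*24*time.Hour, false)
	fmt.Printf("later sight: %+v\n", Check(store, "example.test", second, week))
}
```

None of the three flags proves an attack on its own: a legitimately renewed certificate changes its fingerprint, and short lifetimes are becoming normal. What the check gives you is a record to compare against other vantage points, which is the point of transparency: a cert that your device sees but that never appears in a public CT log is the case worth chasing.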