Re: Shut up about the Chinese Cannon and the Verizon Supercookie
"In fact, you don't have to be a "state level actor" (TM) to MITM a HTTPS session."
OK, then, explain. How do you MITM an HTTPS session without the private key, without breaking certificate pinning, AND if you've been there before (breaking the First Contact Problem)?