This is only true when using a man-in-the-middle from the initiation of the connection. SSL/TLS sends random PKI keys at the start of a connection. The trusted CA keys are used only for identity (so you know you are really connected to xyz.com). After all, you can have SSL/TLS connections without a trusted CA. It basically works like this: when you make an SSL/TLS connection, each side generates a random keypair, whereafter each sends its public key to the other side. Using these public keys, each side sends a new random symmetric key back to the other side, whereafter the actual data transmission begins.