Ask HN: Technical solutions to connect securely over known MitM'ed connection?
My first thoughts are:
1. Connecting via HTTPS, detecting an invalid cert, and then requesting a valid cert from the target website over the MitM'ed connection, and just passing the rest of the traffic over the MitM'ed connection encrypted w/ the valid cert. The problem with this is that any standardized way of requesting the cert could be blocked by the MitM attacker.
2. Preload a large database of certs and connect via HTTPS, detect an invalid cert, and send data over the MitM'ed connection encrypted with the cert from your database, then have the server, when they receive an encrypted request, decrypt it with their private key, and if it's still not valid, decrypt it again with their private key. This is harder to detect and block by the MitM because encrypted data, which is essentially random, could look like valid data, but it's also hard to detect on the server because actually random data could be used to DDoS the server (send it random data and it infinite loops).
Are there other approaches, or ways to fix the problems I see with these approaches?
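
The detection step of approach 2 (compare the certificate the connection presents against a preloaded database), as an added example that is not part of the original post. It assumes the database stores SHA-256 fingerprints of DER certificates per hostname; `check_pin`, `fetch_peer_der` and the `example.test` data are hypothetical names and constructed values.

```python
import hashlib
import hmac
import socket
import ssl


def fingerprint(der: bytes) -> str:
    """SHA-256 over the DER-encoded certificate, as lowercase hex."""
    return hashlib.sha256(der).hexdigest()


def check_pin(host: str, der: bytes, pins: dict) -> str:
    """Compare the presented certificate with the preloaded pins.

    "pinned"   -> fingerprint is in the database for this host
    "mismatch" -> host is in the database but this certificate is not
                  (treat the path as intercepted and send nothing)
    "unknown"  -> no entry for the host, nothing to compare (fail closed)
    """
    expected = pins.get(host.lower())
    if not expected:
        return "unknown"
    seen = fingerprint(der)
    ok = False
    # A host may carry several pins (current cert plus a rotation backup).
    for pin in expected:
        ok |= hmac.compare_digest(seen, pin)
    return "pinned" if ok else "mismatch"


def fetch_peer_der(host: str, port: int = 443, timeout: float = 5.0) -> bytes:
    """Read whatever certificate the path presents, without trusting it.

    Chain validation is off only so the certificate can be read and compared
    with the pin; no application data is sent on this socket.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


# Constructed sample data: byte strings standing in for DER certificates.
GENUINE = b"constructed-der:example.test:genuine"
BACKUP = b"constructed-der:example.test:backup"
INTERCEPTOR = b"constructed-der:example.test:proxy"
PINS = {"example.test": {fingerprint(GENUINE), fingerprint(BACKUP)}}
```

On a live connection the client would call `check_pin(host, fetch_peer_der(host), PINS)` and proceed only on `"pinned"`.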