They could pretend to be any domain, yes, but you asked about inspecting a TLS stream, and afaik, there’s no way to do that without the private key. Once the TLS handshake begins, there wouldn’t be a chance for a man in the middle, so that kind of attack would have to be done before the connection is established.
They could pretend to be any domain, yes, but you asked about inspecting a TLS stream, and afaik, there’s no way to do that without the private key. Once the TLS handshake begins, there wouldn’t be a chance for a man in the middle, so that kind of attack would have to be done before the connection is established.