> Then the proxy was changed to replace every destination SSL server
> certificate with a new server certificate with the same details signed by
> the internal CA. As far as the browser is concerned the server certificate
> is valid: the CN field matches the server hostname and the certificate is
> signed by a trusted CA.
> Something similar could be done by any trusted CA that is able to
> intercept and modify traffic between the client browser and the
> destination server.
Yes, definitely. That's the main concern being raised here. But Mozilla's point is that this is a traceable attack -- the end user can simply save a copy of the new, modified certificate as evidence that the proxy/government/whatever was doing it. While it's true that their browser will accept it without complaining, all the user has to do is glance at the issuer to see if it was the rogue CA or not. At that point, you'd send this proof to Mozilla and they would blacklist the CA.
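
The issuer check described in the reply above, sketched as an added example that is not part of the original thread: it records the issuer and fingerprint of a host's certificate on first sight and flags a later certificate whose CN still matches but whose issuer differs, keeping the details as evidence. The function names, the record layout and the sample certificates are assumptions constructed for illustration; the certificate dicts follow the shape returned by Python's `ssl.SSLSocket.getpeercert()`.

```python
import hashlib

def issuer_name(cert):
    # getpeercert() gives the issuer as a tuple of RDNs, each a tuple of (key, value) pairs.
    return ", ".join(f"{k}={v}" for rdn in cert["issuer"] for k, v in rdn)

def subject_cn(cert):
    return next((v for rdn in cert["subject"] for k, v in rdn if k == "commonName"), None)

def check_certificate(host, cert, der, records):
    """Compare a presented certificate with the one recorded earlier for host.

    cert:    dict shaped like ssl.SSLSocket.getpeercert()
    der:     bytes as returned by getpeercert(binary_form=True)
    records: dict of host -> evidence, written on first sight only
    """
    evidence = {"host": host, "subject_cn": subject_cn(cert),
                "issuer": issuer_name(cert),
                "sha256": hashlib.sha256(der).hexdigest()}
    known = records.get(host)
    if known is None:
        records[host] = evidence
        return "first-seen", evidence
    if known["sha256"] == evidence["sha256"]:
        return "unchanged", evidence
    if known["issuer"] == evidence["issuer"]:
        return "reissued-same-issuer", evidence
    # Same hostname, different certificate, different issuer: keep as evidence.
    return "issuer-changed", evidence

# Constructed sample data: same subject CN, different issuers.
def make_cert(cn, issuer_org, issuer_cn):
    return {"subject": ((("commonName", cn),),),
            "issuer": ((("organizationName", issuer_org),),
                       (("commonName", issuer_cn),))}

ORIGINAL = make_cert("www.example.com", "Example Public CA", "Example Public CA G1")
REPLACED = make_cert("www.example.com", "Example Corp", "Internal Proxy CA")
ORIGINAL_DER = b"constructed-stand-in-for-original-DER"  # not a real certificate
REPLACED_DER = b"constructed-stand-in-for-replaced-DER"  # not a real certificate

if __name__ == "__main__":
    records = {}
    for cert, der in ((ORIGINAL, ORIGINAL_DER), (REPLACED, REPLACED_DER)):
        verdict, evidence = check_certificate("www.example.com", cert, der, records)
        print(verdict, "|", evidence["issuer"], "|", evidence["sha256"][:16])
```

The comparison only means something if the first record was taken on a path without the intercepting proxy.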