It is the whole point of SSL that there are not any.

My last point about the user’s country linked to the example of Kazakhstan, where all HTTPS traffic is blocked unless you install a government-supplied middleman cert.

And here's a good example of one hand giving while the other takes away; other parts of the UK government are quite cozy with Kazakhstan. We probably sold them the HTTPS interception solution.

> It is the whole point of SSL that there are not any [middleman proxies].

Hahahahahaha, you should do stand-up!

In my more cynical moments, I wonder if the whole point of SSL is to obscure when middleman proxies are in use.

Seriously, examine your browser's trusted CA list. Do you really trust every single one of those CAs to vouch for any website in the world?

If someone has got a CA to produce a fake certificate for your website, you have more serious things to worry about that progressive enhancement!

Unfortunately, most employers and many countries violate this expectation. I expect businesses providing wifi to customers to start doing this, too.

I don't know about 'most' employers - so far I haven't worked for one that has. But I'm sure there are many that do.