Curious whether arhag and greg had a "does okturtles/dnschain actually fix TLS mitm" argument?
Yes, we chatted on Skype. Greg explained to me that the extension does modify the browser's TLS validation behavior similar to Convergence/FreeSpeechMe plugins (that wasn't clear to me in any of the literature I found available on the website). So that takes care of any MITM concerns. There is still a non-security-related concern regarding whether this extension can be ported over to other browsers like Chromium (much less IE and Safari, but those are closed source anyway).
By the way, I am glad JoeyD brought up the Squid approach during the hangout, which is an approach I advocated earlier in this post. That approach is backwards compatible with any browser, but unfortunately it would only be practical to run on a laptop/desktop (I don't think it is even possible to do on an unrooted/non-jailbroken smartphone). I mean it is possible to do with a separate trusted server, but it would have to be really trusted since it would have access to all the plaintext communication over the HTTPS connection.