Defences[edit]

How can the external server-administrator defend against such a product?

e.g. if Alice wants to send Bob a personal secure communication, via messages transferred on Sam's server, and Bob's work computer is "infected" with a dodgy certificate provided by Eve (the corporate eavesdropper), then:

Eve wants to see the cleartext, and probably has the legal right (as the owner of Bob's PC, and employer of Bob)
Bob has given legal consent, but most likely, he either didn't realise what it meant (not "informed" consent, especially for PII (personally identifiable information under GDPR)), or that consent was "coerced" ("you can't work here unless you agree").
Alice definitely does not consent to Eve snooping.
Sam, the sysadmin wants to protect both Alice and Bob against Eve (and again, clearly does not consent, given his choice to deploy HTTPS).

Is there anything Sam can do to either: - protect against the problem - warn Bob with a browser error (even if the browser has been given a "corporate certificate" to trust) - detect the error, and decline the connection to protect Alice?