Wouldn't the corporation install it's own root certificate in that case? you can MITM without notification. presumably they could tack it on after workstation install.
If they're already going through the trouble of monitoring everyone's traffic, a few extra steps don't seem like that big of a hassle.
Of course, you're right, some large fraction won't bother with their own root cert, and their users will learn many bad habits.
> Wouldn't the corporation install it's own root certificate in that case?
Yeah, but I can audit the certificate store (and I have). On some systems, I am granted local administrator privilege. I wouldn't take out any certs that they install, but if I found that they installed and/or used one, I'd probably stop using most public websites (at least the ones that I have a username/password with).
If they're already going through the trouble of monitoring everyone's traffic, a few extra steps don't seem like that big of a hassle.
Of course, you're right, some large fraction won't bother with their own root cert, and their users will learn many bad habits.