What prevents SDC from authenticating to a different server?
SDC uses TLS-based server authentication to help avoid the possibility of a man-in-the-middle attack. The TLS authentication helps confirm that: • The certificate presented in the TLS handshake evaluates to a trusted Certificate Authority (CA) • The certificate is valid • The common name of the subject of the certificate is an exact match to the domain name that SDC accesses. The set of CAs that SDC trusts is decided by the domain administrator. The JRE/JDK distribution provides a number of default well know CAs including the CA that signs for the Google tunnel servers.