What if the hacker provided the public key for an HTTPS connection?
(www.youtube.com)
All TLS/HTTPS clients have a set of Certificate Authority keys which they trust. Your client will only accept a public key which is signed by a trusted CA's key. A proper CA will not sign a key for a domain when it has not verified that the entity that wants its key signed actually controls the domain.
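The check described in the comment above, as an added example that is not part of the original thread: a client whose trust store holds one CA accepts a certificate that CA signed and rejects one for the same hostname signed by a look-alike CA with the same name but a different key. The names `issue`, `clientAccepts`, `demo`, "Constructed Trusted CA" and `example.test` are constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue makes a key pair and a certificate for cn; parent == nil yields a self-signed CA.
func issue(cn string, parent *x509.Certificate, parentKey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject: pkix.Name{CommonName: cn}, DNSNames: []string{cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		BasicConstraintsValid: true, KeyUsage: x509.KeyUsageDigitalSignature}
	if parent == nil { // root: signs itself and is allowed to sign others
		t.IsCA, t.KeyUsage, t.DNSNames = true, x509.KeyUsageCertSign, nil
		parent, parentKey = t, key
	}
	der, err := x509.CreateCertificate(rand.Reader, t, parent, pub, parentKey)
	cert, perr := x509.ParseCertificate(der)
	if err != nil || perr != nil {
		panic(fmt.Sprint(err, perr))
	}
	return cert, key
}

// clientAccepts is the client-side check: chain to a trusted root and match the host.
func clientAccepts(leaf *x509.Certificate, roots *x509.CertPool, host string) bool {
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots, DNSName: host})
	return err == nil
}

// demo reports whether the CA-issued and the look-alike-issued certificates are accepted.
func demo() (genuine, forged bool) {
	ca, caKey := issue("Constructed Trusted CA", nil, nil)
	fakeCA, fakeKey := issue("Constructed Trusted CA", nil, nil) // same name, different key
	roots := x509.NewCertPool()
	roots.AddCert(ca) // the client's trust store holds only the real CA
	good, _ := issue("example.test", ca, caKey)
	bad, _ := issue("example.test", fakeCA, fakeKey)
	return clientAccepts(good, roots, "example.test"), clientAccepts(bad, roots, "example.test")
}

func main() { fmt.Println(demo()) }
```

The second certificate fails because the signature on it does not verify under any key in the trust store; the matching CA name makes no difference.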
Most browsers trust many certificate authorities from all over the world.
Any of them could...
...and yes, it has happened already.
HTTPS as most of us use it today is useful, but far from foolproof. This is why various additional measures, like certificate pinning, private CAs, and consensus validation are sometimes used.
That's why we now have certificate transparency reports and CA-records.
Sure, not perfect, but at least with a compliant CA it won't just happen in the dark.
At some point you have to trust someone.