← Back to context Comment by blueflow 3 years ago No, there is no reason to jump to such extremes. 4 comments blueflow Reply codedokode 3 years ago There are approximately 10 Tier-1 ISPs through which majority of Internet traffic passes, and unless I misunderstood something, they can issue valid certificates for almost any domain. To me it looks like "completely compromised". blueflow 3 years ago Every CA can issue valid certificates for every domain? And it always has been that way. codedokode 3 years ago CA has a risk to get their root cert removed from browsers; ISP doesn't risk anything especially when asked by the govt. 1 reply →
codedokode 3 years ago There are approximately 10 Tier-1 ISPs through which majority of Internet traffic passes, and unless I misunderstood something, they can issue valid certificates for almost any domain. To me it looks like "completely compromised". blueflow 3 years ago Every CA can issue valid certificates for every domain? And it always has been that way. codedokode 3 years ago CA has a risk to get their root cert removed from browsers; ISP doesn't risk anything especially when asked by the govt. 1 reply →
blueflow 3 years ago Every CA can issue valid certificates for every domain? And it always has been that way. codedokode 3 years ago CA has a risk to get their root cert removed from browsers; ISP doesn't risk anything especially when asked by the govt. 1 reply →
codedokode 3 years ago CA has a risk to get their root cert removed from browsers; ISP doesn't risk anything especially when asked by the govt. 1 reply →
There are approximately 10 Tier-1 ISPs through which majority of Internet traffic passes, and unless I misunderstood something, they can issue valid certificates for almost any domain. To me it looks like "completely compromised".
Every CA can issue valid certificates for every domain? And it always has been that way.
CA has a risk to get their root cert removed from browsers; ISP doesn't risk anything especially when asked by the govt.
1 reply →