Comment by Thorrez
1 day ago
If China uses a root cert to issue bogus certs, that'll get caught by certificate transparency. Assuming people use browsers that enforce certificate transparency.
1 day ago
If China uses a root cert to issue bogus certs, that'll get caught by certificate transparency. Assuming people use browsers that enforce certificate transparency.
Kazakhstan literally forced their own cert for lots of popular sites for a while, expecting users to click the through and accept them. It was made illegal to not accept government certificates.
Was Kazakhstan successful? esafak's link seems to imply it wasn't very successful.
Anyways, my point wasn't that a government can't MITM using a root cert. My point is that the government can't do so secretly. The whole world will know if they try.
https://en.wikipedia.org/wiki/Kazakhstan_man-in-the-middle_a...