Am Sonntag, 21. Juli 2019 03:31:03 UTC+2 schrieb sim...@gmail.com: > I think it must be quickly blacklisted by Google, Mozilla and Microsoft all > together, because it is known as a state scale MITM affecting citizen "real" > life. > > The purpose of https is being defeated and such companies who tried to > improve network security for past decade have to react (yes, security and > privacy on which they work on are political). > If browser editors do blacklist, citizen will be able to rise against this > privacy attack. > > PS:When a MITM CA is known to be at a company scale, it is not that harmfull > imho because citizen still have privacy at home.
but the obvious question is what will happen then? force a custom browser upon the users which has this change negated but probably wont get any security updates? Don't get me wrong, this cert needs to be stopped, but this thing is generally not easy. although if operating systems start to block these at system level, then it would be quite a bit harder to enforce such a cert since it isnt as easy to get users to change the entire OS, especially when you cannot just modify windows that easily and if windows software is needed, then the gov would shoot itself in the foot quite a bit, when people cannot work anymore because of this. and especially on iOS which you cannot just quickly replace with something else has quite a big impact potential depending on how large their market share over there is. _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy