RE: [FORGED] Re: Nation State MITM CA's ?

Kai Engert writes: >Independently of the request for inclusion, this group could discuss if the >Kazakhstan's CAs should be blacklisted, by adding them to the Mozilla CA list >using negative distrust flags That would have some pretty bad consequences. With the MITM CA cert

Re: [FORGED] Re: Nation State MITM CA's ?

On Sat, 2016-01-09 at 14:11 +, Peter Gutmann wrote: > That would have some pretty bad consequences.  With the MITM CA cert enabled, > Borat [0] can read every Kazakh user's email, but no-one else can.  With the > MITM CA blacklisted, Borat can still read every Kazakh user's email, but so > can

Re: Nation State MITM CA's ?

On Thursday, January 7, 2016 at 12:08:10 AM UTC+1, Paul Wouters wrote: > As was in the news before, Kazakhstan has issued a national MITM > Certificate Agency. > > Is there a policy on what to do with these? While they are not trusted, > would it be useful to explicitely blacklist these, as to