Hacker News new | ask | show | jobs
by rakslice_ 3857 days ago
This is lame news. But what I'm curious about is: What are they going to do (if anything) to validate the upstream certificates?

- What will their upstream root certificate policy be?

- If they MITM any old upstream certificate, how will they mitigate the huge target they are painting on Kazakh Internet users?
1 comments
peeters 3857 days ago
I would assume their root trust store could be similar to what your browser would use. i.e. a curated set of root CAs with CRL subscription.
link