by rblatz 3115 days ago
Assuming that state-level actors don’t have ways to get around HTTPS? I’d expect a nation like Russia could acquire or procure a new key for the targeted domains or perform some unknown 0-day attack on the targeted companies to acquire the original key.

Not with certificate pinning, which Google certainly has, and I’d be surprised if the other two didn’t. It is an issue for smaller sites (which might have been the real target).
I don't think IE supports pinning, though, so if they could reliably detect the browser at the TLS handshake stage (don't know if it's possible) they could in theory serve their own cert to those users.
> so if they could reliably detect the browser at the TLS handshake stage (don't know if it's possible)

It's possible and easy: the list of ciphers in the ClientHello is different. Take a look at https://www.ssllabs.com/ssltest/clients.html to see what several popular browsers look like.
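
Added example, not part of the thread: a Python sketch of what a server or network sensor can read from the unencrypted ClientHello, pulling out the ordered cipher suite list and hashing it into a client fingerprint. The two suite lists, the `build_hello` helper and the hash format are constructed for illustration (a simplified stand-in for JA3-style fingerprints), not captures from real browsers.

```python
import hashlib
import struct

def is_grease(code: int) -> bool:
    """RFC 8701 placeholder values (0x0A0A, 0x1A1A, ... 0xFAFA) carry no signal."""
    return (code >> 8) == (code & 0xFF) and (code & 0x0F) == 0x0A

def cipher_suites(record: bytes) -> list[int]:
    """Return the ordered cipher suite codes offered in one ClientHello record."""
    try:
        if record[0] != 0x16 or record[5] != 0x01:
            raise ValueError("not a handshake record carrying a ClientHello")
        (rec_len,) = struct.unpack("!H", record[3:5])
        hs_len = int.from_bytes(record[6:9], "big")
        hello = record[9:9 + hs_len]
        if hs_len + 4 > rec_len or len(hello) != hs_len:
            raise ValueError("truncated or fragmented ClientHello")
        pos = 2 + 32                      # client_version + random
        pos += 1 + hello[pos]             # session_id length byte + session_id
        (cs_len,) = struct.unpack("!H", hello[pos:pos + 2])
        suites = hello[pos + 2:pos + 2 + cs_len]
        if cs_len % 2 or len(suites) != cs_len:
            raise ValueError("bad cipher_suites length")
    except (IndexError, struct.error) as exc:
        raise ValueError("malformed ClientHello") from exc
    return [int.from_bytes(suites[i:i + 2], "big") for i in range(0, cs_len, 2)]

def fingerprint(record: bytes) -> str:
    """Hash of the ordered, GREASE-free suite list (simplified, not real JA3)."""
    codes = [c for c in cipher_suites(record) if not is_grease(c)]
    text = ",".join(f"{c:04x}" for c in codes)
    return hashlib.sha256(text.encode()).hexdigest()[:16]

def build_hello(suites: list[int]) -> bytes:
    """Constructed test input: minimal ClientHello, no session_id or extensions."""
    cs = b"".join(struct.pack("!H", s) for s in suites)
    hello = (b"\x03\x03" + bytes(32) + b"\x00"
             + struct.pack("!H", len(cs)) + cs + b"\x01\x00")
    hs = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

# Constructed suite lists for two hypothetical clients.
CLIENT_A = build_hello([0x1A1A, 0x1301, 0xC02B, 0xC02F, 0x009C, 0x002F])
CLIENT_B = build_hello([0xC02F, 0xC013, 0x009C, 0x002F, 0x000A])

if __name__ == "__main__":
    for name, rec in (("client A", CLIENT_A), ("client B", CLIENT_B)):
        print(name, [f"{c:04x}" for c in cipher_suites(rec)], fingerprint(rec))
```

Because the fingerprint drops GREASE values, a client that randomizes its placeholder suite still maps to the same hash across connections.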

They still could perform a previously unknown attack to grab the original key. There could be a side-channel attack that we are unaware of that could give out enough information to reconstruct the key. Heck, I just saw a post today about an oracle attack on TLS called ROBOT that a lot of big players are vulnerable to.