Y
Hacker News
new
|
ask
|
show
|
jobs
by
yorwba
2901 days ago
Also, if the country has its own root CA, it can just sign arbitrary certificates.
https://en.wikipedia.org/wiki/CNNIC#Fraudulent_certificates
1 comments
yjftsjthsd-h
2901 days ago
Notice of course that that little stunt resulted in them being removed from everybody's trust stores. And it's not like you can just get away with it these days, since certificates are all publicly logged now.
link
viraptor
2901 days ago
> since certificates are all publicly logged now.
Only some of them are. All EV and some DV get published.
link
yjftsjthsd-h
2901 days ago
Didn't realize that; apparently all Symantec certs require it, and I misunderstood that as industry-wide.
link
TomMarius
2901 days ago
Not everybody's. There is whole China where the certs remain installed.
link
gsich
2900 days ago
And how is that accomplished? I doubt this will happen on private PCs.
link