|
|
|
|
|
|
by altfredd
2703 days ago
|
|
|
> Those arguments are invalid. Your individual statements are correct, but they do not add up to valid argument in this case. Kazakhstan forces their citizens to install government-issued certificate to use SSL. This allows Kazakhstan to track their citizens. Which proves, that a regime can track it's citizens even in presence of SSL encryption. In other words, using SSL/PKI does not inherently prevent tracking by powerful entities. You need to create your own government for that. It is naive to think, that regimes like egypt/syria/US can't track people, while at the same time being able to exert overwhelming physical force over the exact same people. If you can force someone to hand over encryption keys, you can track them. Different countries do the same thing, everyone just picks their preferred ways: physically controlling Certificate Authorities in case of US, handing over encryption keys in case of Great Britain. > Compare that to yum/rpm which use secure https and signed rpm and signed metadata No, using more "secure" technologies does not amount to better security. |
|
|
So why debian/ubuntu vulnteer to remove this layer? Why doing the equivalent of installing random certs for every gov/isp on every user?
Yes, government can force someone to install it, but it won't use force on every single person.