Sorry, I should have written more clearly.

- Government forces state-issued certificate on all computers: The government doesn't hide that it's MitM'ing all traffic. The traffic it can't read is blocked. All citizens must install a state-issued certificate to reach any content. There's nothing to do against it. This is what's happening in Kazakhstan now. If another country's government passes a bill, then they can enforce their certificates too. CAA and OCSP are irrelevant here.

- Website X issued a certificate from CA Y. CA Y is in government Z's jurisdiction. Government Z forces CA Y to issue that same certificate for itself. Because government Z makes the laws, fuck you: This time the government hides that it's MitM'ing website X's traffic. No way to detect. The government decrypts traffic on the air. CAA and OCSP are irrelevant here.

- Stolen certificate: Somebody stole the root certificate or stole a certificate given to a specific website X. Now that somebody (maybe a government) doesn't use this certificate widely but uses it to attack a specific target. It may be detectable, but if the attacker uses it cleverly, it may also work. CAA and OCSP are relevant here.

- We deploy a new decentralized mechanism for TLS: The government doesn't have a company or an organization to ask for a copy of a certificate. That authority is distributed among peers. Since the internet is built on this decentralized certification system, the government couldn't force its citizens to install a state-issued certificate because now the internet doesn't work that way. Now we can use this to secure DNS too.

Think of it like this: The governments can't go and ask Open Whisper Systems to decrypt Signal messages, it would be ridiculous. We have to build HTTPS in a way that it would be ridiculous for a government to go to an organization and ask for certificates/keys.

I hope I made myself clear now.
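The comment above argues that CAA is irrelevant when the CA itself is coerced. The following added example (not part of the comment or of any project it mentions) makes that point concrete: it implements the RFC 8659 CAA issuance decision that a CA is supposed to run before issuing, over a constructed zone. The records, the domain names and the function names are all assumptions made for the example. Because the check runs inside the CA, it only constrains an honest CA; a CA that is ordered to issue can simply skip it, which is exactly the second scenario in the comment.

```python
"""CAA (RFC 8659) issuance check, as a CA would evaluate it before issuing.

Constructed example records for a hypothetical zone example.com:
"""
from dataclasses import dataclass
from typing import List

# Constructed CAA RRset in presentation format: <flags> <tag> <value>.
# - issue "letsencrypt.org": only that CA may issue non-wildcard certs
# - issuewild ";": nobody may issue wildcard certs
# - iodef: where to report policy violations
EXAMPLE_CAA_ZONE = [
    '0 issue "letsencrypt.org"',
    '0 issuewild ";"',
    '0 iodef "mailto:security@example.com"',
]

CRITICAL_FLAG = 128  # RFC 8659 "issuer critical" bit
KNOWN_TAGS = {"issue", "issuewild", "iodef"}


@dataclass(frozen=True)
class CAARecord:
    flags: int
    tag: str
    value: str


def parse_caa(line: str) -> CAARecord:
    """Parse one presentation-format CAA record (quotes around value optional)."""
    flags, tag, value = line.split(None, 2)
    return CAARecord(int(flags), tag.lower(), value.strip().strip('"'))


def issuer_domain(value: str) -> str:
    """Return the issuer-domain-name part of an issue/issuewild value.

    The value is '<issuer-domain> [; params]'; an empty issuer domain
    (e.g. the value ";") means "no CA may issue".
    """
    return value.split(";", 1)[0].strip().lower()


def caa_permits(records: List[CAARecord], ca_domain: str, wildcard: bool = False) -> bool:
    """Decide whether CA `ca_domain` may issue for the zone owning `records`.

    Follows the RFC 8659 decision procedure:
      * any critical record with an unknown tag forbids issuance;
      * wildcard requests use issuewild records if present, else issue records;
      * no applicable records means no restriction (any CA may issue);
      * otherwise the CA must match one of the listed issuer domains.
    """
    for r in records:
        if r.flags & CRITICAL_FLAG and r.tag not in KNOWN_TAGS:
            return False

    issue = [r for r in records if r.tag == "issue"]
    issuewild = [r for r in records if r.tag == "issuewild"]
    applicable = issuewild if (wildcard and issuewild) else issue

    if not applicable:
        return True

    ca = ca_domain.lower()
    return any(issuer_domain(r.value) == ca for r in applicable)


def check_zone(zone_lines: List[str], ca_domain: str, wildcard: bool = False) -> bool:
    """Convenience wrapper: parse a presentation-format RRset and evaluate it."""
    return caa_permits([parse_caa(l) for l in zone_lines], ca_domain, wildcard)


if __name__ == "__main__":
    print("letsencrypt.org, example.com   ->", check_zone(EXAMPLE_CAA_ZONE, "letsencrypt.org"))
    print("digicert.com, example.com      ->", check_zone(EXAMPLE_CAA_ZONE, "digicert.com"))
    print("letsencrypt.org, *.example.com ->", check_zone(EXAMPLE_CAA_ZONE, "letsencrypt.org", wildcard=True))
```

The decision is purely advisory to the relying party: browsers never see CAA, so a mis-issued certificate from a coerced or compromised CA validates normally. CAA raises the bar against an honest-but-careless CA; it does not help against the jurisdictional scenarios the comment describes.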