by lazaroclapp 2177 days ago
Presumably, Germany would have little trouble compelling at least one root CA to sign any TLS certificates they wanted. Just a cursory search shows that Google Chrome, on Linux, trusts, e.g.

> CN = D-TRUST Root CA 3 2013
> O = D-Trust GmbH
> C = DE

There is certificate transparency and pinning and so on, and they would be caught (probably, maybe) if they abused this carelessly and at scale, but in practice, for a small number of targets, it would be trivial to wait for users to connect to a less secured TLS site or even a plain-HTTP site (plenty still exist), and then use a browser exploit as the stage 1, followed by whatever escalation of privilege exploit and rootkit is needed. TLS is really good at preventing always-on dragnet surveillance of everyone's internet traffic, but it is not a countermeasure against targeted nation-state-level attacks.

3 comments

Google, Mozilla, et al. should make a commitment to revoke the trust of any CA that is found to partake in behavior like that. Even retroactive revocation of existing certificates shouldn't be off the table if the offense is egregious enough.

It's actually pretty scary seeing just how many CAs are in the list of trusted CAs on any given device. While no government is beyond reproach, I do wish there were a way for me as a user to say "don't trust anything signed by CAs outside of these few countries, since it's most likely a hijack, phishing, or in the rare case that I did try to visit some random site, I can approve it manually."

Browsers blacklisted the Kazakhstan government certificate used for MITM, which was not even trusted. It is absurd to expect anything less than blacklisting such a CA immediately. Certificate transparency is required for all certificates since April 2018, so you can't really issue a rogue certificate.

Here's the Bugzilla report where they actually request their root be added to Firefox:

https://bugzilla.mozilla.org/show_bug.cgi?id=1232689

The answer is basically "no".

AFAIK they used a different certificate for MITM. Currently they are using the certificate mentioned in that bug to issue certificates for government websites (like https://elicense.kz/ ), so actually a lot of citizens who need to use government services have to install that certificate as a root anyway.

I don't think that they would use that certificate for MITM. They're not fools and they understand that it would lead to blacklisting it which would halt a lot of operations in the country.

> It is absurd to expect anything less than blacklisting such a CA immediately.

Is it, though? Germany has a lot more economic leverage than Kazakhstan. Suppose they pass a law requiring any browser sold or otherwise offered on the German market to have the government certificate in the chain of trust... how many large companies would cave?

Does the browser check?

You could, for example, use the Certificate Manager in Firefox to delete specific authorities you do not trust.

Well. That is the reason for Certificate Pinning. And these days there is no excuse to not enable it server-side. Helped me detect some MITM interceptions. Not that the content was malicious (OpenDNS just rerouted my requests to a "This site is blocked" page, but the certificate was signed by Cisco, and thus valid. Certificate Pinning still picked it up. Little hint: It was an Arch Linux site.).

Here [1] it says that Chrome stopped supporting HTTP Public Key Pinning (HPKP) with Chrome 72. There are other debates on it. See the discussions for excuses.

Or is cert pinning something different than HPKP?

- [1]: https://security.stackexchange.com/questions/213410/did-goog...

Thanks for this very insightful comment. I'm sure that wasn't obvious to many. It certainly wasn't to me.