[fuoqi]

A proper solution for MitM is mandatory independent certificate transparency, not outright denial of national CAs support in browsers. A German National CA should not be able to issue certificates for .ru in the first place and having a clear record of misbehavior in CT is probably not something operators of such CA would like to have even when pressured by intelligence agencies.

Browsers should get their shit together and add proper support of domain-limited CAs and add optional whitelisting of CAs for given websites.

[agwa]

> Browsers should get their shit together and add proper support of domain-limited CAs

They do in fact support this - e.g. Mozilla trusts KamuSM only for .tr [1], Chrome limited ANSSI to French TLDs [2].

However, there is no indication that the EU would be willing to accept such constraints on their national CAs. If you look at several of the current national European CAs, they routinely issue for generic TLDs like .com.

[1] https://groups.google.com/a/mozilla.org/g/dev-security-polic...

[2] https://security.googleblog.com/2013/12/further-improving-di...

[lambdaone]

Cool. Domain-limited CAs are a really good idea, and they don't need anything like dynamic downloading of CAA records.

[smarnach]

CAA records only apply at the time a certificate is issued, and they only need to be considered by CAs. If the CAA record is changed later, all certificates that have already been issued continue to be valid, even if the new CAA record does not allow the issuing CA anymore. So looking at CAA records would be useless for browsers anyway.

[supriyo-biswas]

Browsers do have this, although this measure is only selectively applied for certain CAs where misissuance has been an issue (There was a Indian CA for which this was used, need to look around MDSP for the link. I’ll post it shortly.)

[agwa]

Historically, root constraints were only used in response to misissuance, but more recently, KamuSM voluntarily limited themselves to .tr when they applied.