[gchamonlive]

It's not like Beijing CA can issue a rogue certifcate and suddenly a malicious actor would be able to decrypt all your internet traffic. You would have to connect to a service that uses those certificates in the first place.

An interesting experiment would be to log all certificates used by the sites you normally use, say for a month, and then look at the list for anything shady. I have no ideia if an extension exists that would allow such and experiment, but the resulting list would be much more useful.

[lambdaone]

No, that's not needed at all. If the malicious actor can man-in-the-middle traffic to victimsite.com (say using a BGP hijack), they can serve HTTPS traffic to the end user from their MITM server, secured with a certificate issued to "victimsite.com" that is issued by their own CA, and the MITM can then in turn communicate to the real victimsite.com using HTTPS secured by the real site's certificate, signed by its own CA.

Now, there are CAA DNS records, which serve the purpose of restricting the CAs that can sign a particular domain, which would of course be ignored by the malicious actor, but _could_ be checked by the end user's browser. But to the best of my knowledge, no browser does that.

[ajsnigrutin]

This will get noticed in a matter of seconds.

But if your own government tells your own isp to reroute just your traffic over some MITM proxy, it's only you there to notice, and most probably, you won't.

[lambdaone]

In an ideal world, yes, they would by shut down in seconds. Yet BGP hijacks still occur in the real world; here's one from last month: https://slowmist.medium.com/analysis-of-balancer-bgp-hijacki...

And you're certainly right about government-mandated traffic hijacking.

[smarnach]

You are correct that no browser is looking at CAA records, because it would be wrong to do so. CAA records don't retroactively revoke certificates that have already been issued. Their only purpose is for CAs to check them before issuing a certificate.

[miohtama]

In the case of mainland China, it’s easy for the Party 1) issue a malicious certificate and 2) redirect your Internet traffic to MITM box. They do 2) for all the time when blackholing Internet traffic.

With certificate logs there is a chance, I don’t know how high, to catch 1).