by illiac786
959 days ago
poor understanding of how PKI works.

> that government can ask its friendly CA for a copy of that certificate

1/ Copying/reading the certificate without the private key is something every TLS client must be able to do; this is a must. It is absolutely not a security concern.

2/ Copying the certificate and the private key would be a concern, except a CA never sees the private key and hence cannot have it. The CA signs a CSR, which does not contain the private key.

Overall I still agree with the article, since the problem is not that the CA can copy the cert but rather that it can issue a new cert for the same URL, enabling MitM attacks.

Also, I guarantee this gov CA will be breached in no time. There would be simply too many government agencies with access... Impossible to secure.
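An added example (not the commenter's code) in Python with the `cryptography` library, illustrating both points above: the CSR a CA signs carries only the public key, so the CA never holds the site's private key, while a CA that can sign for a name can mint a second certificate for that same name with a key of its own, which a client pinning the legitimate SPKI hash would detect. The CA name and hostname are constructed.

```python
import datetime, hashlib
from cryptography import x509
from cryptography.x509.oid import NameOID
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import ec

def _validity(days=90):
    now = datetime.datetime.now(datetime.timezone.utc)
    return now, now + datetime.timedelta(days=days)
def make_ca(name="Example Gov CA"):  # constructed name, not a real CA
    key = ec.generate_private_key(ec.SECP256R1())
    subject = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, name)])
    nb, na = _validity()
    cert = (x509.CertificateBuilder().subject_name(subject).issuer_name(subject)
            .public_key(key.public_key()).serial_number(x509.random_serial_number())
            .not_valid_before(nb).not_valid_after(na)
            .add_extension(x509.BasicConstraints(ca=True, path_length=None), critical=True)
            .sign(key, hashes.SHA256()))
    return key, cert
def make_csr(hostname):  # site operator side: the private key is generated here and never leaves
    key = ec.generate_private_key(ec.SECP256R1())
    csr = (x509.CertificateSigningRequestBuilder()
           .subject_name(x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, hostname)]))
           .add_extension(x509.SubjectAlternativeName([x509.DNSName(hostname)]), critical=False)
           .sign(key, hashes.SHA256()))
    return key, csr
def ca_issue(ca_key, ca_cert, csr):  # CA side: it only ever sees the CSR
    assert csr.is_signature_valid  # proof of possession, made with a key the CA never receives
    nb, na = _validity()
    return (x509.CertificateBuilder().subject_name(csr.subject).issuer_name(ca_cert.subject)
            .public_key(csr.public_key()).serial_number(x509.random_serial_number())
            .not_valid_before(nb).not_valid_after(na).sign(ca_key, hashes.SHA256()))
def csr_contains_private_key(csr, key):
    priv = key.private_numbers().private_value.to_bytes(32, "big")  # P-256 private scalar
    return priv in csr.public_bytes(serialization.Encoding.DER)
def spki_pin(cert):  # SHA-256 of the SubjectPublicKeyInfo, the value a pinning client compares
    spki = cert.public_key().public_bytes(serialization.Encoding.DER, serialization.PublicFormat.SubjectPublicKeyInfo)
    return hashlib.sha256(spki).hexdigest()

def demo(hostname="example.com"):  # constructed hostname
    ca_key, ca_cert = make_ca()
    site_key, csr = make_csr(hostname)
    legit = ca_issue(ca_key, ca_cert, csr)
    _, other_csr = make_csr(hostname)  # a second key pair, held by whoever controls the CA
    misissued = ca_issue(ca_key, ca_cert, other_csr)  # same name, same trusted issuer, different key
    return {"csr_leaks_private_key": csr_contains_private_key(csr, site_key),
            "same_name": legit.subject == misissued.subject,
            "pin_matches": spki_pin(legit) == spki_pin(misissued)}
```

Both certificates chain to the same trusted root and name the same host, so ordinary path validation accepts either; only a pin (or a transparency record of what was issued) tells them apart.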