Even more reason to have relatively neutral organizations transparently curate the list of trusted CAs. While I am sure governments also closely monitor the process and would step in if they deemed it a threat.
Google is a threat. They should know they can be subverted if they continue in their ways with the questionably ethical human experimentation (for instance, undisclosed A/B testing including full context)
So we come full circle. The government having the ability to impersonate a site is exactly what I believe must not happen.
If the EU wants to create search.eu or any other search site, more power to them. I certainly wouldn’t use it, but hey, if you want to trust them, you can.
If they want to block google search… Eeeeh… I guess that is fine?
But they shouldn’t be able to create a fake certificate for google.com or any site for that matter, not only allowing them to impersonate the site, but also intercept encrypted traffic between users and that site.
So no. Governments should not control the TLS infrastructure.
TLS certificate infrastructure is a major national security concern. Sure, for religious reasons it can be controlled by a private entity but the governement is certaily already pullibg all the strings there. The problem in the EU is this control is in America now. So they need to wake up and have their own.
Then the can enforce a google ban and seamless redirect to search.eu or whatever. The important thing is to both block google while not breaking the search button on everything that foolishly hardcoded google.com in the code.
There is 0% possibility the US gov cannot publish a certificate in all major browser that could usurp any dns from a registrar in a country under US dominance.
Just because they haven’t used that card uet doesn’t mean they can’t. The clearnet is already a surveillance cesspit. There is no escaping state forces anywhere on it.
It’s just the europeans being complacent about leaving this capability to the americans. For now they depend un US cyber command for it, and they won’t do it to google for the sole benefit of europeans.
There is 0% possibility the US gov could do it covertly.
Sure, they could force it overtly but the rest of the world would have forks of Browsers like 15 minutes after it went through.
Besides, there is no need to go after the browsers. If you want a fake cert for a few days, EU has trusted certificate authorities just like the US that can issue a cert for any website (CAs are usually not restricted to specific TLDs). The CA would just get removed from browsers within days, same as browsers being replaced.
PS: Btw, iTrusChina is also a trusted CA. If the US is not concerned about their main adversary, China, forging certificates, why should EU be worried about an ally doing so?
Even more reason to have relatively neutral organizations transparently curate the list of trusted CAs. While I am sure governments also closely monitor the process and would step in if they deemed it a threat.
Google is a threat. They should know they can be subverted if they continue in their ways with the questionably ethical human experimentation (for instance, undisclosed A/B testing including full context)
What does that have to do with TLS?
One of the reasons to create a domestic redirect of google.com
So we come full circle. The government having the ability to impersonate a site is exactly what I believe must not happen.
If the EU wants to create search.eu or any other search site, more power to them. I certainly wouldn’t use it, but hey, if you want to trust them, you can.
If they want to block google search… Eeeeh… I guess that is fine?
But they shouldn’t be able to create a fake certificate for google.com or any site for that matter, not only allowing them to impersonate the site, but also intercept encrypted traffic between users and that site.
So no. Governments should not control the TLS infrastructure.
TLS certificate infrastructure is a major national security concern. Sure, for religious reasons it can be controlled by a private entity but the governement is certaily already pullibg all the strings there. The problem in the EU is this control is in America now. So they need to wake up and have their own. Then the can enforce a google ban and seamless redirect to search.eu or whatever. The important thing is to both block google while not breaking the search button on everything that foolishly hardcoded google.com in the code.
You obviously have no idea what you are talking about. America does not have any more or less of an ability to forge certificates compared to Europe.
Not wanting to live in a surveillance state is not religious, it’s common fucking sense.
There is 0% possibility the US gov cannot publish a certificate in all major browser that could usurp any dns from a registrar in a country under US dominance.
Just because they haven’t used that card uet doesn’t mean they can’t. The clearnet is already a surveillance cesspit. There is no escaping state forces anywhere on it.
It’s just the europeans being complacent about leaving this capability to the americans. For now they depend un US cyber command for it, and they won’t do it to google for the sole benefit of europeans.
There is 0% possibility the US gov could do it covertly.
Sure, they could force it overtly but the rest of the world would have forks of Browsers like 15 minutes after it went through.
Besides, there is no need to go after the browsers. If you want a fake cert for a few days, EU has trusted certificate authorities just like the US that can issue a cert for any website (CAs are usually not restricted to specific TLDs). The CA would just get removed from browsers within days, same as browsers being replaced.
PS: Btw, iTrusChina is also a trusted CA. If the US is not concerned about their main adversary, China, forging certificates, why should EU be worried about an ally doing so?