As was in the news before, Kazakhstan has issued a national MITM Certificate Agency.
Is there a policy on what to do with these? While they are not trusted, would it be useful to explicitly blacklist these, as to make it impossible to trust even if the user "wanted to"?

The CAs are available here:
http://root.gov.kz/root_cer/rsa.php
http://root.gov.kz/root_cer/gost.php

One site that uses these CAs is:
https://pki.gov.kz/index.php/en/forum/

Paul
_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy

