On Mon, Jul 22, 2019 at 9:20 PM Corey Bonnell via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote:
> > I think the optimal solution in terms of user security is to create a > blacklist of known MITM CA public keys and simply prevent the installation > of certificates containing these public keys in the trust store. If several > browsers could coordinate on such an effort, then perhaps that would > pressure the government to back down on their demand to intercept TLS > communications because their root is would be incompatible with major > browsers. > It is an interesting question. It essentially becomes a gamble on whether they'll back down or just fork their own KazakhFox. But if they do push this all the way with a national browser, then their people are even further worse off. _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
