W dniu czwartek, 7 stycznia 2016 00:08:10 UTC+1 użytkownik Paul Wouters napisał: > As was in the news before, Kazakhstan has issued a national MITM > Certificate Agency. > > Is there a policy on what to do with these? While they are not trusted, > would it be useful to explicitely blacklist these, as to make it > impossible to trust even if the user "wanted to" ? > > The CA's are available here: > http://root.gov.kz/root_cer/rsa.php > http://root.gov.kz/root_cer/gost.php > > One site that uses these CA's is: > https://pki.gov.kz/index.php/en/forum/ > > Paul
Maybe implement 'in browser' proxychains equivalent - where there will be nested HTTP proxies - one TLS connection trusting GOV CA, second tunel over Amazon/Google/MSFT cloud which they can't block without blocking half of the internet + DNS over HTTPS. We can call that "Gateway CA Certificates.." :) _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy