Browser vendors could revoke the root that Kazakh authorities are using for
the scheme.

On Mon, Jul 22, 2019 at 5:35 AM Yuri Astrakhan <yuriastrak...@gmail.com>
wrote:

> I don't think browser vendors will block the ability to install a custom
> root certificate because some corp clients may use it for exactly the same
> reason -- creating an HTTPS proxy with fake certs in order to analyze
> internal traffic (in the name of monitoring/security).
>
> Browser vendors could make it more difficult to install, so that it would
> require the corp IT department to do some magic, or even release two
> versions of the browser - corp and general (with blocked uncertified root
> certs), but at the end of the day those could be worked around.
>
> The biggest deterrent in my opinion is to educate the users of the
> dangers such certs would do (i.e. all your passwords and bank info will be
> viewable by ISPs) - thus it would be a social rather than purely technical
> solution.
>
> On Mon, Jul 22, 2019 at 1:33 PM Steinsplitter Wiki <
> steinsplit...@wikipedia.de> wrote:
>
> > That's shocking...
> >
> > >> I think this has serious implications for Wikipedia & Wikimedia, as not
> > >> only they would be easily able to see which articles people read, but
> > >> also steal login credentials, depseudonymize people and even hijack
> > >> admin accounts.
> >
> > Yes, they can decrypt the traffic. Hopefully browser vendors will
> > disallow the root certificate.
> > IMHO there isn't much WP can do, except showing a warning if somebody is
> > trying to log in from the country in question.
> >
> > --Steinsplitter
> >
> > ________________________________
> > From: Wikimedia-l <wikimedia-l-boun...@lists.wikimedia.org> on behalf of
> > Yury Bulka <setthemf...@privacyrequired.com>
> > Sent: Sunday, 21 July 2019 12:36
> > To: wikimedia-l@lists.wikimedia.org <wikimedia-l@lists.wikimedia.org>
> > Subject: [Wikimedia-l] Universal forced HTTPS backdoor in Kazakhstan
> >
> > I'm sure many have heard about this:
> >
> > https://thehackernews.com/2019/07/kazakhstan-https-security-certificate.html
> >
> > Essentially, the government in Kazakhstan started forcing citizens into
> > installing a root TLS certificate on their devices that would allow the
> > government to intercept, decrypt and manipulate all HTTPS traffic.
> >
> > Without the certificate, it seems, citizens can't access HTTPS pages (at
> > least on some ISPs).
> >
> > I think this has serious implications for Wikipedia & Wikimedia, as not
> > only they would be easily able to see which articles people read, but
> > also steal login credentials, depseudonymize people and even hijack
> > admin accounts.
> >
> > Another danger is that if this effort by Kazakhstan succeeds, other
> > governments may start doing the same.
> >
> > I wonder if WMF has any position on this yet?
> >
> > Best,
> > Yury.
> >
> > _______________________________________________
> > Wikimedia-l mailing list, guidelines at:
> > https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and
> > https://meta.wikimedia.org/wiki/Wikimedia-l
> > New messages to: Wikimedia-l@lists.wikimedia.org
> > Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
> > <mailto:wikimedia-l-requ...@lists.wikimedia.org?subject=unsubscribe>



-- 
-george william herbert
george.herb...@gmail.com