Comment on South Korean telecom company attacks torrent users with malware
tal@lemmy.today 6 months ago
> I don’t see why they wouldn’t, or couldn’t do this
There are only 52 organizations that Firefox trusts to act as CAs. An ISP isn’t normally going to be on there.
wiki.mozilla.org/CA/Included_Certificates
…salesforce-sites.com/…/CACertificatesInFirefoxRe…
If whatever cert is presented by a remote website doesn’t have a certificate signed by one of those 52 organizations, your browser is going to throw up a warning page instead of showing content. KT Corporation, the ISP in question, isn’t one of those organizations.
LainTrain@lemmy.dbzer0.com 6 months ago
That’s not what I mean.
For example: If I, an ISP in Beijing, went to BEIJING CERTIFICATE AUTHORITY Co., Ltd. which is on the list, and had my cert issued by them for foobar.com that listed them as the root trust, wouldn’t that work? Because the service operating there currently is illegal and I need to take it down, I don’t see how or why they could refuse.
This is the only way I can see governments being able to display blocked website notices, takedown notices and other MITM insertions demonstrably happening in all sorts of countries without triggering a “back to safety” warning in most browsers.
Zeoic@lemmy.world 6 months ago
Well for one, ISPs are not the government, and two, if any CA was caught doing this, browsers like Firefox would drop them. Hopefully Google would too, but who knows. That’s an awful lot of risk on their part.
LainTrain@lemmy.dbzer0.com 6 months ago
ISPs are not the government - yes, so they have to actually follow laws. And CAs caught doing what exactly, complying with the regulations of their country?
Zeoic@lemmy.world 5 months ago
Exactly, and with ISPs not being the government, they cannot force CAs to do anything. And yes, if a CA complies with an insane law that allows anyone to skirt around security and privacy (their ENTIRE purpose), they will lose the faith of the public, and people will drop them. Whether it was legal or not doesn’t matter much for public sentiment.
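
The trust-store check this thread is arguing about, as an added example that is not part of any comment above: it builds a throwaway PKI with the `openssl` CLI and shows that a certificate for a site is accepted only when the root that issued it is in the store being checked. All names (`trusted_root`, `isp_ca`, `foobar.example`) are constructed for the demo.

```shell
#!/usr/bin/env bash
# Constructed demo PKI: every name here (trusted_root, isp_ca, foobar.example) is made up.
set -u
WORK="$(mktemp -d)"; trap 'rm -rf "$WORK"' EXIT

# Minimal config so the openssl calls do not depend on a system openssl.cnf.
cat > "$WORK/demo.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF

# make_ca <name>: self-signed root certificate and key.
make_ca() {
  openssl req -x509 -config "$WORK/demo.cnf" -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=$1" -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

# issue_leaf <ca> <leaf>: certificate for foobar.example signed by that CA.
issue_leaf() {
  openssl req -new -config "$WORK/demo.cnf" -newkey rsa:2048 -nodes \
    -subj "/CN=foobar.example" -keyout "$WORK/$2.key" -out "$WORK/$2.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/$2.csr" -CA "$WORK/$1.pem" -CAkey "$WORK/$1.key" \
    -CAcreateserial -days 1 -out "$WORK/$2.pem" 2>/dev/null
}

# is_trusted <store.pem> <leaf>: succeeds only if the leaf chains to a root in the store.
is_trusted() {
  openssl verify -CAfile "$1" "$WORK/$2.pem" >/dev/null 2>&1
}

make_ca trusted_root; make_ca isp_ca
issue_leaf trusted_root site_leaf
issue_leaf isp_ca isp_leaf

cp "$WORK/trusted_root.pem" "$WORK/store.pem"                                 # store without the ISP root
cat "$WORK/trusted_root.pem" "$WORK/isp_ca.pem" > "$WORK/store_with_isp.pem"  # store that lists it

# The verdict depends only on which roots the store lists, which is why root store contents get audited.
for pair in "store.pem site_leaf" "store.pem isp_leaf" "store_with_isp.pem isp_leaf"; do
  set -- $pair
  if is_trusted "$WORK/$1" "$2"; then echo "$2 against $1: accepted"
  else echo "$2 against $1: rejected (browser would show a warning)"; fi
done
```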