Even more reason to have relatively neutral organizations transparently curate the list of trusted CAs. While I am sure governments also closely monitor the process and would step in if they deemed it a threat.
Google is a threat. They should know they can be subverted if they continue in their ways with the questionably ethical human experimentation (for instance, undisclosed A/B testing including full context)
So we come full circle. The government having the ability to impersonate a site is exactly what I believe must not happen.
If the EU wants to create search.eu or any other search site, more power to them. I certainly wouldn’t use it, but hey, if you want to trust them, you can.
If they want to block google search… Eeeeh… I guess that is fine?
But they shouldn’t be able to create a fake certificate for google.com or any site for that matter, not only allowing them to impersonate the site, but also intercept encrypted traffic between users and that site.
So no. Governments should not control the TLS infrastructure.
Ok but my grandma can’t
Even more reason to have relatively neutral organizations transparently curate the list of trusted CAs. While I am sure governments also closely monitor the process and would step in if they deemed it a threat.
Google is a threat. They should know they can be subverted if they continue in their ways with the questionably ethical human experimentation (for instance, undisclosed A/B testing including full context)
What does that have to do with TLS?
One of the reasons to create a domestic redirect of google.com
So we come full circle. The government having the ability to impersonate a site is exactly what I believe must not happen.
If the EU wants to create search.eu or any other search site, more power to them. I certainly wouldn’t use it, but hey, if you want to trust them, you can.
If they want to block google search… Eeeeh… I guess that is fine?
But they shouldn’t be able to create a fake certificate for google.com or any site for that matter, not only allowing them to impersonate the site, but also intercept encrypted traffic between users and that site.
So no. Governments should not control the TLS infrastructure.