That’s not necessarily very easy. These certs would have to show up in public certificate transparancy logs for most browsers to accept them. If this happens on a government scale it would surely get noticed, though the question remains what you’re left to do if the government forces it anyways…
That’s not necessarily very easy. These certs would have to show up in public certificate transparancy logs for most browsers to accept them. If this happens on a government scale it would surely get noticed, though the question remains what you’re left to do if the government forces it anyways…
See https://en.m.wikipedia.org/wiki/Certificate_Transparency section “Mandatory certificate transparency”
admittedly, but i still assume that the CIA could do it if it tried.
edit: thanks for the link though, this seems very interesting :D