[liberationtech] French Government doing SSL MITM
Maxim Kammerer
mk at dee.su
Sun Dec 8 09:51:50 PST 2013
On Sun, Dec 8, 2013 at 6:14 PM, andrew cooke <andrew at acooke.org> wrote:
> Despite it being used on a private network, and with user consent, it is
> reportedly a violation of procedures. Google classify it as a "serious
> breach".
First, it doesn't matter how Google classifies the violation, as it is
a private company that does not hold any definitive authority on the
matter, regardless of whatever spin they try to put on their blog
posts.
Now, it's possible that the French can't be trusted with properly
handling intermediate CAs, and that as a result ANSSI should be held
responsible and have its IGC/A root certificates [1–2] revoked from
browsers' trusted stores, but it doesn't mean that the incident is
some case of a government agency trying to covertly spy on citizens or
employees.
[1] https://bugzilla.mozilla.org/show_bug.cgi?id=477147
[2] https://bugzilla.mozilla.org/show_bug.cgi?id=693450
--
Maxim Kammerer
Liberté Linux: http://dee.su/liberte