Martijn I'm not sure I see the problem here?
Dongsung Kim The issuer of the root CA is Government of Korea, thus never being trusted by any web browser (except for IE.) Besides the fact that I don't trust them one single bit - wiki.mozilla.org/C... - they just are so willing to remove the warning(!) bugzilla.mozilla.o...
Login or register your account to reply
Martijn I can actually come up with several legit reasons for a government to run their own CA. Governments are moving communications about important and personal things like healthcare online, and having these services encrypted with government signed certificates are a very good way of handling things. The real problem is that underlying CA structure where any root CA can MITM any website. Running add-ons like CertWatch, Certificate Patrol, and the Perspective Project can mitigate this, but not for average users.
Mark Dain I don't think that was the issue here; it's fine to have your own CA (I do) but when you don't include the CA on any browser but IE it seems like vendor lock-in.
Dongsung Kim I do agree those are legitimate. However I fear the day when the government - where every Internet connection is legally being monitored and "selectively" blocked through Deep Packet Inspection - would 'ask' some major services or ISPs to use the CA. After some incidents that the "selection" behaves as a political mean, my trust has long gone. Maybe I'm simply paranoia though.
9y, 4w reply