Announced that Google and Mozilla will block root certificates certified by dictatorships



In Kazakhstan, where dictatorship continues, governments are forced to install government-certified root certificates. Mozilla and Google have announced that they will block the root certificate by the government of Kazakhstan in response to strong criticism that the government may intercept encrypted communications of the HTTPS protocol if this root certificate is introduced Did.

Google Online Security Blog: Protecting Chrome users in Kazakhstan
https://security.googleblog.com/2019/08/protecting-chrome-users-in-kazakhstan.html


Mozilla takes action to protect users in Kazakhstan-The Mozilla Blog
https://blog.mozilla.org/blog/2019/08/21/mozilla-takes-action-to-protect-users-in-kazakhstan/


In Kazakhstan, a domestic Internet service provider (ISP) informs users that it is now mandatory to install a root certificate certified by the Kazakh government. This install the root certificate and man-in-the-middle attack communication by is has been pointed out is likely to be intercepted by a third party, was actually also raised reports that had received the man-in-the-middle attacks by Kazakhstan domestic ISP.

A dictatorship forces the public to introduce a government-certified root certificate, and an man-in-the-middle attack by an ISP is also confirmed-gigazine


“Today, Mozilla and Google have taken action to protect personal online security and privacy in Kazakhstan. Firefox and Chrome have blocked the possibility of Kazakh government intercepting domestic Internet traffic. Will be technically resolved 'and announced that Kazakhstan's root certificate will be blocked.

Specifically, root certificates with the following hashes are blocked: Google has added the root certificate of the Kazakh government to the revocation certificate list “ CRL Sets ” that Google created independently as part of the Chromium project. In addition, when Firefox tries to access a website that responds with the corresponding root certificate, the error message 'The certificate should not be trusted' will be displayed.


“Some people around the world trust Firefox to protect against attacks that compromise security when using the Internet,” said Marshall Irvin, senior director of trust and security at Mozilla. “Protecting the integrity of the web is the reason Firefox exists.”

“We will not tolerate any attempt by governments or organizations to compromise Chrome users’ data, ”said Chrome senior engineering director Parisa Tabritz. We will always take action to protect users around the world. '

Mozilla development staff encourages Kazakh users to access the web using VPN software or Tor Browser, and all online accounts after uninstalling from the device if root certificates are already installed Insist that the password should be changed.

in Software,   Web Service,   Security, Posted by log1i_yk