In what appears to be a bold attack on net freedom, the government of Kazakhstan will reportedly attempt to spy on all encrypted internet traffic going in or out of the country by introducing a “national internet safety certificate” in January 2016.
Brian Spector CEO of MIRACL (previously known as CertiVox) discusses:
How exactly does this work?
“This exploits a fundamental architectural flaw inherent to the design of PKI, which is the security infrastructure that uses digital certificates; the fact that whoever holds a certificate authority’s root key can issue a legitimate certificate to perform a man in the middle attack, decrypting traffic that is meant to be secured between a client and a server.”
Is this a good idea or an invasion of privacy (or both)?
“This is a complete travesty and one more incremental step towards solidifying totalitarian rule. The ability to have ad hoc access to any flow of personal information is antithetical to democratic societies.”
Will this increase security?
“No. Keep in mind that the root key belonging to the “national security certificate” authority is in and of itself a massive single point of compromise that would make an attractive target to any malicious actor who would also like to obtain access to communications for their own gain.
A distributed trust model would make this citizen wide man in the middle attack significantly harder to achieve, if not downright impossible.”