1. Home
2. Questions
3. Unanswered
4. AI Assist
5. Tags
7. Chat
8. Users
10. Companies
Stack Internal

Stack Overflow for Teams is now called Stack Internal. Bring the best of human thought and AI automation together at your work.
Try for free Learn more
Stack Internal
Bring the best of human thought and AI automation together at your work. Learn more

Timeline for Installing root certificates by government

Current License: CC BY-SA 4.0

16 events

when toggle format	what		by	license	comment
2 hours ago	comment	added	dave_thompson_085		FWIW BellSoft is among the now-multiple OpenJDK builder/distributors and 8u42n is slightly over a year old
8 hours ago	comment	added	Stack Exchange Broke The Law		Kazakhstan does this because Kazakhstan intercepts your traffic and modifies it - maybe not right now, but they can when they want to. I don't think the question nor the answer need to be very long. If you don't install the certificate, they will still intercept and modify your traffic when they want to, but your computer will know it's wrong and won't load the page.
12 hours ago	answer	added	Danya02		timeline score: 3
21 hours ago	history	edited	sunvis0r	CC BY-SA 4.0	added links to user manuals
23 hours ago	history	edited	sunvis0r	CC BY-SA 4.0	added section about NCALayer
yesterday	comment	added	Basilevs		Resources disputing goverment decisions are easily blocked. In Russia, methods to circumvent blocks are outlawed, and sites disseminating them are blocked.
yesterday	answer	added	ysdx		timeline score: 3
yesterday	comment	added	jcaron		@aaaaaa It's not necessarily the entire point of the install of the certs. They could have legitimate certificates for actual websites that track back to those certs. We can't rule out that they want those certs for MITM, but we can't infer that it is their goal. If OP can still access any site with a regular certificate without installing those root certs, it's unlikely there is (currently) any generalised MITM in operation.
yesterday	comment	added	forest		@aaaaaa The fact that the certificates do not set Name Constraints means that they're definitely not putting any effort into dispelling concerns... In this case, it probably is the point, but an organization making you install a root CA is not always done to make MITM possible.
2 days ago	comment	added	aaaaaa		I'm no expert on this, but want to clarify this sentiment: "Logically, it appears that a MITM attack is possible". It's not just possible, it's the entire point of them installing this onto your computer. So no need to be paranoid, just understand what it is they're doing so you can safely work within their rules. I worked at a company in the US which had us install their own certificates as well.
2 days ago	history	became hot network question
2 days ago	answer	added	Ja1024		timeline score: 20
2 days ago	history	edited	sunvis0r	CC BY-SA 4.0	corrected term
2 days ago	history	edited	sunvis0r	CC BY-SA 4.0	corrected link to egov
S 2 days ago	review	First questions
2 days ago
S 2 days ago	history	asked	sunvis0r	CC BY-SA 4.0