Hacker News new | past | comments | ask | show | jobs | submit login

And China has a root CA under their control. I'm on my iPad at the moment so I can't provide the fingerprints of it right now, but I remember "un-trusting it" on all of my machines a long while back.



Also this: https://github.com/chengr28/RevokeChinaCerts/


And the US, host of malicious entities like the CIA and NSA, has several root CA's under their control.


Yes, of course. There's something like, what, around 400 root CAs, I think?

I mentioned the .cn government (and their root CA(s)) because the article mentioned the .cn government, specifically, and the parent comment mentioned "any government that controls a CA".

Obviously, any government with a) control over a root CA and b) control over their entire country's Internet access could carry this out. The article we're commenting, however, called out .cn by name.


I believe there are two of them: "CNNIC Root" and "China Internet Network Information Center EV Certificates Root".


As does anyone with enough money to purchase a certificate authority or crack a certificate authorities servers.


Btw, if China is not to be trusted, wouldn't the proper way to do this be to remove the chinese root CA from your browsers etc?


Yes, that's exactly what I did. I removed the "CNNIC" root certificate authority after some previous mishap (I want to say they issued certs for google.com, et al., but I may be thinking of a different incident).




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: