Hacker News new | comments | ask | show | jobs | submit login

If all of their https traffic is compromised, would we not be able to break all of their financial traffic remotely?

Not necessarily, it just means that Kazakh citizens will have a root cert installed on their machine that will allow the government to MITM their https connections. The connection between the MITM and the client will be encrypted (just with the government-controlled cert instead of the server's cert), and the MITM will have an encrypted connection to the server. I suppose it is possible that the MITM could make an unencrypted connection to the server, but I don't know a good reason for the government to do that.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact