Russia – man in the middle attack is possible by the government now

[outcoldman]

https://imgur.com/a/hnEPcd8

Just received this email from Russian gov website. It says, that if you want to continue to access some of the russian websites, you need to download a browser, that support them.

https://www.gosuslugi.ru/tls

This website allows you to download root russian CA from, also list of the domain which received already certificates.

-

FYI, I am US Citizen, CO resident, born in Ukraine (USSR) with Russian Citizenship.

[chatmasta]

This seems like an appropriate time to complain that every Apple product comes pre-installed with 172 trusted root certificates [0], and to perhaps reflect on the absurdity of this situation. Why is it necessary for me to trust 172 different entities (not even as a collective, but individually!), and is my only defense against a MITM the hope that Certificate Transparency will catch any violations after they already happened?

[0] https://support.apple.com/en-gb/HT213080

[outcoldman]

One more update, this website https://news.gosuslugi.ru/ has links to Yandex.Browser on App Store and Google Play, which means this app already has root CA from Russian Government.

Last release notes on those browsers don't say anything about adding root CA.

[chokolad]

It could be related to recent recall by Thawte of certificates for various Russian banks and government properties.

[Nextgrid]

They could simply be preparing for Let's Encrypt or the other for-profit CAs deplatforming them.

Keep the CA in a separate Firefox profile so that it's there if you ever need to access government websites that use it while not being able to MITM on your main profile.

[theWreckluse]

If they’re forcing you a custom browser, they might just as well already include custom certificates in the exe, instead of providing them separately.

[bigodbiel]

Devil’s advocate: preventing further disruptions caused by D/DOS attacks on their web based social service infrastructure.