• 0 Posts
  • 15 Comments
Joined 1 year ago
cake
Cake day: June 24th, 2023

help-circle







  • There can be an infinite amount of certificates for a single domain.

    When you setup a connection to a website you basically get a response back that has been signed with a certificate.

    Your Browser / OS has a list of certification authorities that it deems trustworthy.

    So when you get the response the browser checks if the certificate was issued by a trusted CA.

    Now, if the EU forces browsers to trust their CA they can facilitate a man-in-the-middle attack.

    In this instance they will intercept the TLS Handshake and give you back a response that was signed by their certificate. Your Browser deems the certificate valid and sets up a secure tunnel to the EUs Server.

    From then on they can forward packets between you and the real website while being able to read everything in cleartext