Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

How would this even work? Sorry in advance, since I'm not well-versed in encryption, but wouldn't HTTPS also fall under end-to-end communication? What about for military purposes? How would enforcement of this work? Like would they just require that What's App and the like not use end-to-end, or fully just block all encrypted packets on the ISP side? If not, couldn't someone just program an app to do the same, or download APKs of Signal or a similar app? This strikes me as being completely bone-headed.


> wouldn't HTTPS also fall under end-to-end communication?

Not if you have to use a government-issued root certificate.


Wow, so would non-gov-signed certs be completely banned? Like if a website used Let's Encrypt, then would the government just ban people from accessing it? How would that even play out with VPNs? This seems so completely unenforceable, unless Spain decided to enact a China-style Great Firewall, and even then this would be an entirely different level.


They tried to do that in Kazakhstan in 2019. Mandate a root cert installed everywhere, then MITM everything.

Ofc the attempt failed.


They stopped?


Technically still end-to-end but in that case you can’t trust one end.


So spain would have to make a certificate for EVERY website? How would it work, when you would visit a canadian or brasilian website?




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: