Cable Forum - View Single Post

tweetiepooh · 13-11-2023, 12:10

There is a clause about browsers too. Browsers will have to code in trust of "government actors" so they can intercept and re-encrypt HTTPS without the browser highlighting that to the users. Companies do the same sort of thing on proxies, understandable, you are using their resource.
Essentially traffic will pass through a device that will decrypt the traffic, check the "plain text", then re-encrypt using the actors certificates. The browser "trusts" those certificates so won't complain. Browser makers may have to have versions for the snoop countries and for the "free" countries.
I guess you could get a "free" version but you would have lots of warnings about untrusted certificates. I'd also guess that the actors device would have to find a way to pass on any originating problems so you would still get warnings about "real" untrusted certificates.
I am not really interested about the workability of the solution here as the implications for secure communication.

13-11-2023, 12:10	#48
tweetiepooh Virgin Media Employee Join Date: Sep 2005 Location: Winchester Services: Staff MyRates BB: VM XXL TV: VM XL Phone : VM XL Posts: 3,117	Re: Online Safety Bill There is a clause about browsers too. Browsers will have to code in trust of "government actors" so they can intercept and re-encrypt HTTPS without the browser highlighting that to the users. Companies do the same sort of thing on proxies, understandable, you are using their resource. Essentially traffic will pass through a device that will decrypt the traffic, check the "plain text", then re-encrypt using the actors certificates. The browser "trusts" those certificates so won't complain. Browser makers may have to have versions for the snoop countries and for the "free" countries. I guess you could get a "free" version but you would have lots of warnings about untrusted certificates. I'd also guess that the actors device would have to find a way to pass on any originating problems so you would still get warnings about "real" untrusted certificates. I am not really interested about the workability of the solution here as the implications for secure communication. __________________ I work for VMO2 but reply here in my own right. Any help or advice is made on a best-effort basis. No comments construe any obligation on VMO2 or its employees.