Re: Online Safety Bill
There is a clause about browsers too. Browsers will have to code in trust of "government actors" so they can intercept and re-encrypt HTTPS without the browser highlighting that to the users. Companies do the same sort of thing on proxies, understandable, you are using their resource.
Essentially traffic will pass through a device that will decrypt the traffic, check the "plain text", then re-encrypt using the actors certificates. The browser "trusts" those certificates so won't complain. Browser makers may have to have versions for the snoop countries and for the "free" countries.
I guess you could get a "free" version but you would have lots of warnings about untrusted certificates. I'd also guess that the actors device would have to find a way to pass on any originating problems so you would still get warnings about "real" untrusted certificates.
I am not really interested about the workability of the solution here as the implications for secure communication.
__________________
I work for VMO2 but reply here in my own right. Any help or advice is made on a best-effort basis. No comments construe any obligation on VMO2 or its employees.
|