Slashdot Mirror

← Back to Stories (view on slashdot.org)

Mozilla Might Distrust Dutch Government Certs Over 'False Keys' (bleepingcomputer.com)

Posted by EditorDavid on from the forgoing-Dutch dept.

Long-time Slashdot reader Artem Tashkinov quotes BleepingComputer: Mozilla engineers are discussing plans to remove support for a state-operated Dutch TLS/HTTPS provider after the Dutch government has voted a new law that grants local authorities the power to intercept Internet communications using "false keys". If the plan is approved, Firefox will not trust certificates issued by the Staat der Nederlanden (State of the Netherlands) Certificate Authority (CA)...

This new law gives Dutch authorities the powers to intercept and analyze Internet traffic. While other countries have similar laws, what makes this one special is that authorities will have authorization to carry out covert technical attacks to access encrypted traffic. Such covert technical capabilities include the use of "false keys," as mentioned in Article 45 1.b, a broad term that includes TLS certificates.
"Fears arise of mass Dutch Internet surveillance," reads a subhead on the article, citing a bug report which notes, among other things, the potential for man-in-the-middle attacks and the fact that the Netherlands hosts a major internet transit point.

4 of 112 comments (clear)

  1. Re:Does it make sense to trust any govt key? by sjames · · Score: 3, Informative

    The problem is the whole system is set up so you either trust a key signer for any key they sign or you don't trust them at all. There isn't currently a mechanism where you can conditionally trust a key signed by a government.

  2. Referendum by Anonymous Coward · · Score: 2, Informative

    Btw, Netherlands will hold a referendum on this new surveillance law, so Mozilla's action is warranted https://www.reuters.com/articl...

    1. Re:Referendum by bokkepoot · · Score: 3, Informative

      Btw, Netherlands will hold a referendum on this new surveillance law

      The referendum to be held is only valid if 30% of the eligible voters actually vote, and even if it is valid, it is (only) an advisory referendum.

      Also, 2 of the major parties have already spoken out as to ignore the results of the referendum, whatever they may be, and continue with this surveillance law.

  3. Re:Does it make sense to trust any govt key? by Anonymous Coward · · Score: 4, Informative

    True, the current system is and always had been broken by design. It only takes one foul apple to spoil the whole dish.