3Oca
Is there a way to make sure my government does not swap out SSL certificates?
I was recently wondering whether there exists a way to make sure my government is not swapping out SSL certificates in order to intercept the traffic.
I know almost all browsers are complaining in case of a self-signed certificate. But what prevents a government to issue their own keychain?
One can imagine compromising the repositories containing packages with CA certificates and then issuing their own certificate in order to decipher the traffic. All the traffic is going through government loyal tier 1 operator which also has monopoly rights on providing Internet access.
If that is not a possible case, what mechanism is preventing them from doing it?
