this post was submitted on 10 Nov 2023
518 points (98.9% liked)
Technology
57435 readers
3758 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
There can be an infinite amount of certificates for a single domain.
When you setup a connection to a website you basically get a response back that has been signed with a certificate.
Your Browser / OS has a list of certification authorities that it deems trustworthy.
So when you get the response the browser checks if the certificate was issued by a trusted CA.
Now, if the EU forces browsers to trust their CA they can facilitate a man-in-the-middle attack.
In this instance they will intercept the TLS Handshake and give you back a response that was signed by their certificate. Your Browser deems the certificate valid and sets up a secure tunnel to the EUs Server.
From then on they can forward packets between you and the real website while being able to read everything in cleartext