Rob Sayre wrote:
> Usually these issues are raised with a sense of entitlement. For example, some participants think the IETF must adjust its specifications to accommodate the laws of their country, but I don't think they would stick up for Kazakhstan in the same way [0].
> [0] https://en.wikipedia.org/wiki/Kazakhstan_man-in-the-middle_attack

Kazakhstan is naively honest, because it's easier to establish a commercial root CA secretly under the control of a government. DigiNotar, for example, which was trusted by most, if not all, browsers, might have been controlled by the Dutch or another government. Some country may have a legal framework to issue a secret government order forcing CAs operating in its territory to issue forged certificates.

According to Wikipedia (https://en.wikipedia.org/wiki/End-to-end_encryption): "Most end-to-end encryption protocols include some form of endpoint authentication specifically to prevent MITM attacks. For example, one could rely on certification authorities or a web of trust."

Some E2E encryption protocols ignore MITM attacks on CAs and are not secure E2E.

Masataka Ohta
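The failure mode discussed above, a root CA that the client trusts being coerced into issuing a certificate for someone else's hostname, can be reproduced offline. The Go program below is an added example and is not code from the thread or from any project mentioned in it. It builds two self-signed roots (an honest one and a coerced one; both names are assumptions), puts both in the client's trust store the way a browser root store would, issues a certificate for the same hostname from each, and shows that ordinary chain validation accepts the forged certificate just as readily as the genuine one, while a public-key pin obtained out of band (the SHA-256-of-SubjectPublicKeyInfo format of RFC 7469) accepts only the genuine one. The hostname example.com and the pin distribution mechanism are likewise assumptions of the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/base64"
	"fmt"
	"math/big"
	"time"
)

var nextSerial int64 // serials only need to be unique within this demo

// issueCert generates a fresh P-256 key and a certificate for subject. With
// parent == nil the certificate is self-signed (a root CA); otherwise it is
// signed with parentKey, exactly as a CA signs a server certificate.
func issueCert(subject string, isCA bool, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err) // cannot fail for valid inputs; a panic keeps the demo short
	}
	nextSerial++
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(nextSerial),
		Subject:               pkix.Name{CommonName: subject},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature,
		BasicConstraintsValid: true,
		IsCA:                  isCA,
	}
	if isCA {
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	} else {
		tmpl.DNSNames = []string{subject}
		tmpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
	}
	signer, signerKey := tmpl, key // self-signed unless a parent is given
	if parent != nil {
		signer, signerKey = parent, parentKey
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, signer, &key.PublicKey, signerKey)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert, key
}

// spkiPin returns the base64 SHA-256 of the SubjectPublicKeyInfo, the pin
// format of RFC 7469 (HPKP). It identifies the server's key, not its issuer.
func spkiPin(c *x509.Certificate) string {
	sum := sha256.Sum256(c.RawSubjectPublicKeyInfo)
	return base64.StdEncoding.EncodeToString(sum[:])
}

// chainValid is what a browser does: accept leaf if it chains to any trusted
// root and names host. It cannot tell an honest root from a coerced one.
func chainValid(leaf *x509.Certificate, roots *x509.CertPool, host string) bool {
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots, DNSName: host})
	return err == nil
}

// Verdict records what each check said about the genuine and the forged certificate.
type Verdict struct {
	GenuineChain, ForgedChain bool // chain validation against the trust store
	GenuinePin, ForgedPin     bool // comparison with the out-of-band pin
}

// RunScenario models a client whose trust store holds an honest root and a root
// that a government has coerced (both CA names are assumptions of the example).
func RunScenario(host string) Verdict {
	honestCA, honestKey := issueCert("Honest Root CA", true, nil, nil)
	coercedCA, coercedKey := issueCert("Coerced Root CA", true, nil, nil)
	genuine, _ := issueCert(host, false, honestCA, honestKey)
	forged, _ := issueCert(host, false, coercedCA, coercedKey) // the MITM's certificate
	roots := x509.NewCertPool()
	roots.AddCert(honestCA)
	roots.AddCert(coercedCA) // both trusted, as in a browser root store
	pin := spkiPin(genuine)  // learned out of band (first contact, app bundle, ...)
	return Verdict{
		GenuineChain: chainValid(genuine, roots, host),
		ForgedChain:  chainValid(forged, roots, host),
		GenuinePin:   spkiPin(genuine) == pin,
		ForgedPin:    spkiPin(forged) == pin,
	}
}

func main() {
	v := RunScenario("example.com")
	fmt.Printf("chain validation: genuine=%v forged=%v\n", v.GenuineChain, v.ForgedChain)
	fmt.Printf("SPKI pin check:   genuine=%v forged=%v\n", v.GenuinePin, v.ForgedPin)
}
```

Chain validation reports both certificates as valid, which is the whole problem with a compromised or coerced CA: nothing in the PKI check distinguishes the forged chain from the genuine one. The pin comparison is the kind of endpoint authentication that does not depend on the CA; it catches the forgery because the attacker holds a different key, at the cost of having to distribute and rotate the pin out of band.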