• Zeoic@lemmy.world
    link
    fedilink
    English
    arrow-up
    1
    arrow-down
    1
    ·
    6 months ago

    Exactly, and with ISPs not being the government, they can not force CAs to do anything. And yes, if a CA complys with an insane law that allows anyone to skirt around security and privacy (their ENTIRE purpose), they will lose the faith of the public, and people will drop them. Whether it was legal or not doesn’t matter much for public sentiment.

      • Zeoic@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        ·
        6 months ago

        Thats hilarious 😂 I can name over half a dozen of them that do it on a regular basis.

          • Zeoic@lemmy.world
            link
            fedilink
            English
            arrow-up
            1
            ·
            6 months ago

            In canada, Shaw is one that glaringly and repeatedly violates Canadian Personal Privacy laws, in fact, nearly every ISP does so with only a few exceptions. Nothing usually happens to them, and if it does its just a small slap on the wrist. Its cost of doing business to them.

            In canada at the very least, an order like that from the government to a CA wouldn’t even be lawful. Just have to hope the CA has decent lawyers…

              • Zeoic@lemmy.world
                link
                fedilink
                English
                arrow-up
                1
                ·
                edit-2
                6 months ago

                I think you may have gotten confused at some point in this comment chain… That is not what we were talking about at all.

                The OP was about an ISP (not a Government) trying to get a CA to give them a copy of a cert so they could setup a fake version of a website to deploy malware. In no point of this comment chain are we talking about any government agencies forcing a CA to give them a cert.

                If an ISP, with no legal backing (because they are not the government) get a CA to give them a cert, and the CA does it, that CA if discovered would very much lose any reputation it had and people will no longer trust it, thus ruining the company.

                My reply was pointing out how any law that allowed an ISP to gain a cert from a CA would clearly be insane, and if a CA rolled over instead of fighting it, nobody would trust them with their certs anymore.