Russian Ministry of Informatics has launched its own certification authority, which will issue Internet certificates to local services. It is intended to protect against the possible effects of sanctions and the threat that foreign certificate issuers will revoke the Russian ones.
But it has one hook – that is, several hooks, which Bleeping Computer points out. Trusted authority root certificates, against which endpoint site certificates are compared, are usually preinstalled and part of operating systems or web browsers.
Website of the Russian certification authority in the translator
And as we all know, none of the major browsers and operating systems for ordinary mortals are Russian-made. In short, the Russian certification authority will not just get into them. The user would have to enter such a root certificate into the program manually.
Chrome and others could block it
But the problem is beginning to dawn on us, as web browsers may fear that Russia, as an untrustworthy player, will misuse such a root certificate under its full control as a means of eavesdropping on seemingly encrypted communications with sites that also use certificates issued by that authority – that is, to intercept the Russians on Russian websites (they are still not fully under state control).
Example of domains that already have a certificate from the new authority:
- * .psbank.ru
- * .payment.ru
(full list can be found on the authority’s website)
The creators of large web browsers could therefore respond, for example, by marking these certificates as dangerous and refusing to display the websites that use them; or at our own risk after a security warning is displayed, as we know from cases where the certificate may expire.
The identity of the website itself for obtaining a new certificate is currently being verified by a certificate from the American Sectig. In time, it may be Russian authority, but in the West, such a site would be untrustworthy by default
And then everything will be Russian
But be careful, we are not at the end yet and the ball is still packing. These complications could lead Russia to directly and indirectly force its surfers to use exclusively Russian web browsers. For example, Yandex Browser.
Yandex Browser to every family
Mission completed, the entire Russian Internet village uses a Russian browser, Russian certificates, Russian DNS servers, Russian websites ideally host only on the Russian hosting infrastructure and parallel runet it’s basically done.
It can still be connected to the global Internet, but it doesn’t matter anymore, because Roskomnadzor, the FSB and others can perfectly monitor, eavesdrop on and manage it.