If China uses a root cert to issue bogus certs, that'll get caught by certificate transparency. Assuming people use browsers that enforce certificate transparency.

▲

eptcyka 3 days ago | parent [-]

Kazakhstan literally forced their own cert for lots of popular sites for a while, expecting users to click the through and accept them. It was made illegal to not accept government certificates.

	▲	esafak 3 days ago \| parent \| next [-]
		https://en.wikipedia.org/wiki/Kazakhstan_man-in-the-middle_a...
	▲	Thorrez 2 days ago \| parent \| prev [-]
		Was Kazakhstan successful? esafak's link seems to imply it wasn't very successful. Anyways, my point wasn't that a government can't MITM using a root cert. My point is that the government can't do so secretly. The whole world will know if they try.