Why worry about E2E encryption, in theory just need a cert issued from a vast array of CAs or intermediates. Which I wouldn't be suprised they possess the ability through some type of secret warrant, heck even private keys.

▲

JoshTriplett 4 days ago | parent [-]

> Why worry about E2E encryption, in theory just need a cert issued from a vast array of CAs or intermediates.

Certificate Transparency thankfully means this is a tool a government could only use once if at all, and then they've burned an entire CA.

▲

CommanderData 4 days ago | parent [-]

Isn't certificate transparency opt-in, so any trusted CA could be a potential attack route.

	▲	JoshTriplett 4 days ago \| parent [-]
		Browsers now require it to consider a certificate valid. Firefox, Chrome, and Safari all require a certificate to include proof of being logged in CT logs.