• @[email protected]
    link
    fedilink
    English
    1
    edit-2
    5 months ago

    I think you may have gotten confused at some point in this comment chain… That is not what we were talking about at all.

    The OP was about an ISP (not a Government) trying to get a CA to give them a copy of a cert so they could setup a fake version of a website to deploy malware. In no point of this comment chain are we talking about any government agencies forcing a CA to give them a cert.

    If an ISP, with no legal backing (because they are not the government) get a CA to give them a cert, and the CA does it, that CA if discovered would very much lose any reputation it had and people will no longer trust it, thus ruining the company.

    My reply was pointing out how any law that allowed an ISP to gain a cert from a CA would clearly be insane, and if a CA rolled over instead of fighting it, nobody would trust them with their certs anymore.