https - hopefully not too stupid a question

Francis Davey fjmd1a at
Sat Jun 16 23:56:00 BST 2012

This is the first question I have initiated on this group, so I hope
it does not seem to be too foolish a query.


I wondered to what extent the government could put a framework in
place to avoid some of these, in particular the use of https. Could
the government set things up within the UK so that certificates were
forged so that they were able to intercept https in transit?

Assume that the Bill gives them the legal power to require anyone in
the UK to do anything in order to facilitate obtaining comms data
could they use that power to require someone/anyone to issue
certificates purporting to be for sites (like facebook)? I am not sure
how easy it is for a state actor to do this in a way that will affect
ordinary people.

I'm not interested in whether the technically savvy are able to avoid
such action - let us stipulate for the sake of argument that they are.


Francis Davey

More information about the ukcrypto mailing list