Mozilla has announced that it is adding to its certificate revocation lists the root certificate used in the December exercise to intercept HTTPS traffic in Kazakhstan. Google, Apple and Microsoft have taken similar action and also added the Kazakh MITM certificate to their revocation lists.
Connections intercepted with the new root certificate being deployed in Kazakhstan will now trigger a security warning in Firefox, Chrome/Chromium, Edge and Safari, as well as in products derived from them. A similar block of the certificate was carried out last year, after an attempt to impose a “national security certificate” in Kazakhstan.
Recall that in early December, as part of the “Cybersecurity Nur-Sultan 2020” exercise, customers of several large Kazakh providers in the city of Nur-Sultan, including Beeline, Tele2 and Kcell, received a notification that they needed to install an additional certificate on their systems in order to retain access to some foreign sites.
During interception, at the moment a TLS connection was being established, the target site's real certificate was replaced with a new certificate generated on the fly and signed by the root certificate that users had been instructed to install on their systems.
A forced root certificate compromises user security and violates the fourth principle of The Mozilla Manifesto, which treats security and privacy as fundamental. The interception scheme implemented in Kazakhstan violates the verification scheme for certification authorities: the authority that generated this certificate has not passed a security audit, has not agreed to the requirements placed on certification authorities and is not obliged to follow the established rules, i.e. it can generate a certificate for any site under any pretext and fully control traffic.
Mozilla recommends that users in Kazakhstan who are unable to access sites because of the block on the Kazakh root certificate switch to a VPN or install Tor Browser to bypass the restrictions. Those who have already installed the forced certificate on their systems are advised to remove it from the certificate store as soon as possible and change all their passwords.
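The advice to remove the forced certificate raises the practical question of how to tell whether such a root is trusted on a given machine at all. The following script, an added example that is not part of the original article and not Mozilla's or any vendor's tooling, enumerates the CA certificates Python's default TLS context trusts, computes the SHA-256 fingerprint of each one (the format shown in browser certificate viewers), and reports any that match a blocklist by fingerprint or by subject Common Name. The article does not publish the fingerprint or subject of the Kazakh root, so `BLOCKED_ROOT_FINGERPRINTS` and `BLOCKED_CN_SUBSTRINGS` hold constructed placeholders that must be replaced with the real values from a vendor advisory; the function names are this example's own.

```python
"""Check the local trust store for a forced MITM root (added example, standard library only)."""
import hashlib
import ssl

# Constructed placeholders: the article gives no fingerprint or subject for the
# Kazakh root. Fill these in from an authoritative advisory before relying on them.
BLOCKED_ROOT_FINGERPRINTS = {
    "00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:"
    "00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF",
}
BLOCKED_CN_SUBSTRINGS = ("PLACEHOLDER-MITM-ROOT",)


def sha256_fingerprint(der: bytes) -> str:
    """SHA-256 over the raw DER bytes, rendered as colon-separated uppercase hex."""
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def subject_common_name(cert_info: dict) -> str:
    """Pull the CN out of the 'subject' entry of the dict that ssl.get_ca_certs()
    returns; that entry is a tuple of RDNs, each a tuple of (attribute, value) pairs."""
    for rdn in cert_info.get("subject", ()):
        for attr, value in rdn:
            if attr == "commonName":
                return value
    return ""


def load_trusted_roots():
    """Return (info_dict, der_bytes) pairs for every CA the default context trusts.
    Both get_ca_certs() calls walk the same store in the same order, so zip is safe.
    Caveat: CAs in a capath directory are only listed once they have been used."""
    ctx = ssl.create_default_context()  # loads the platform / OpenSSL default CA set
    infos = ctx.get_ca_certs()
    ders = ctx.get_ca_certs(binary_form=True)
    return list(zip(infos, ders))


def find_blocked_roots(blocked_fingerprints, blocked_cn_substrings=(), roots=None):
    """Return the trusted roots whose fingerprint or subject CN matches the blocklist.
    An empty list means none of the listed roots is trusted by this context.
    `roots` may be supplied explicitly (e.g. constructed pairs for testing)."""
    if roots is None:
        roots = load_trusted_roots()
    wanted = {fp.upper().replace(":", "") for fp in blocked_fingerprints}
    hits = []
    for info, der in roots:
        fp = sha256_fingerprint(der)
        cn = subject_common_name(info)
        by_fingerprint = fp.replace(":", "") in wanted
        by_name = any(s.lower() in cn.lower() for s in blocked_cn_substrings)
        if by_fingerprint or by_name:
            hits.append({"common_name": cn, "fingerprint": fp})
    return hits


if __name__ == "__main__":
    found = find_blocked_roots(BLOCKED_ROOT_FINGERPRINTS, BLOCKED_CN_SUBSTRINGS)
    if not found:
        print("No blocklisted root is trusted by the default TLS context.")
    for hit in found:
        print(f"BLOCKLISTED ROOT TRUSTED: CN={hit['common_name']!r} SHA-256={hit['fingerprint']}")
```

The check covers the CA set that OpenSSL-based software on the machine uses; browsers with their own stores (Firefox's NSS database) and the Windows system store need to be inspected separately, for the latter with `ssl.enum_certificates("ROOT")`, which returns DER bytes that can be fed to the same `sha256_fingerprint` function. Matching on a CN substring is a fallback for when only the certificate's name is known; the fingerprint match is the one to trust, since a name can be reused by any issuer.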