Staat der Nederlanden CA might be revoked from Mozilla Policy?

Image of Mattias Geniar

Mattias Geniar, October 30, 2017

Follow me on Twitter as @mattiasgeniar

The official Dutch CA “Staat der Nederlanden” is currently under review by the Mozilla foundation after the intelligence and security services law has been passed, which gives the government (legal) access to serve as a man-in-the-middle for legit TLS connections.

This could have far reaching consequences. They currently have 20+ root & intermediate certificates accepted.

Note there’s still a question mark in the subject, this decision isn’t certain or final yet.

Became vulnerable to MitM attacks.

The new “Wet op de inlichtingen- en veiligheidsdiensten (Wiv)” (Law for intelligence and security services) has been accepted by the Dutch Government. Provisions authorizing new powers for the dutch intelligence and security services will become active starting January 1st, 2018.

This revision of the law will authorize intelligence and security to intercept and analyze cable-bound (Internet) traffic, and will include far-reaching authorizations, including covert technical attacks, to facilitate their access to encrypted traffic.

Source: _Logius: Staat der Nederlanden CA trust issue (WiV)