Russia attempts mandating installation of root CA on clients for TLS MITM

William Herrin bill at
Thu Mar 10 23:02:31 UTC 2022

On Thu, Mar 10, 2022 at 10:26 AM Eric Kuhnke <eric.kuhnke at> wrote:
> I think we'll see a lot more of this from authoritarian regimes in the future. For anyone unfamiliar with their existing distributed DPI architecture, google "Russia SORM".

Point of clarification: what's happening is that Russian web sites'
certificates are expiring and because of the sanctions, their CAs are
refusing to renew them. So, Russia has spun up their own CA which is,
of course, only present in Russian web browsers.

Bill Herrin

William Herrin
bill at

More information about the NANOG mailing list