Sorry, I mean, browsers today ship with a list of sites that specify a cert that must be in the chain for it to be considered valid, e.g., only trust a facebook.com cert if it's from XYZ CA.
Depending on the wording of the law, it seems like it could require browsers to ignore this requirement for government-issued certificates, hence bypassing the cert pinning and allowing them to intercept traffic to e.g., Facebook.
I'm not sure how many sites do this; I think Google's own do, and maybe some of the other big names use it as well, but I'm not certain.