
I don't believe this happens. Should something like this happen, the CA would be immediately distrusted by browsers, not as punishment but to deter state actors. It would give CAs an argument, “we won't do it, because it means the end of business for us”. Compelling by the state to do something that destroys a company is illegal in many jurisdictions, in the law that prescribes what the state can order employees of the company and what they cannot.


> the CA would be immediately distrusted by browsers, not as punishment but to deter state actors

This is not practically possible for browsers to do, as it would also cause all of the legitimate certificates signed by that CA to become distrusted and break large swathes of the internet. This was one of the main complaints Moxie Marlinspike had in his 2011 talk on TLS (the contents of which are sadly just as true today as they were then)[1].

In fact, there is fairly credible evidence that the NSA did actually do this already back in 2011 with the DigiNotar hack to steal the contents of Iranian emails[2]. This case was so egregious that DigiNotar did get distrusted by browsers, but other hacks like that of Comodo did not result in their CA certificates being distrusted.

The CAB does apparently block CAs more aggressively than they did a decade ago, but I wonder if they would actually block a big CA like LetsEncrypt if it came out they did something shady or got hacked. It just seems incredibly unlikely they would flip the "turn off >60% of the internet" switch regardless of what LetsEncrypt hypothetically did (for reference, in 2011 Comodo signed only 20-25% of website certificates).

[1]: https://www.youtube.com/watch?v=UawS3_iuHoA

[2]: https://en.wikipedia.org/wiki/DigiNotar


They don't really need to order employees of the company, they can just do it. Either by completely owning a CA or by just going in and doing it. If it should be hidden, they can do it as part of an unrelated warrant.

> the CA would be immediately distrusted by browsers, not as punishment but to deter state actors.

Do you think browsers operate outside of states?

> Compelling by the state to do something that destroys a company is illegal in many jurisdictions

How would it destroy the company? It might affect reputation, but as long as it wasn't the company doing it on its own, they can just claim to be the victim (which they are). It will only affect the company if it becomes public knowledge, which the state actor doesn't want anyway. I don't think reputation to not respond to legal warrants is protected by the law. Also for example the USA is famous for installing malware on other countries' heads of state.

Honestly this is the kind of law enforcement which is fair in my opinion. It is much more preferable to mandated scanning (EU Chat Control), making the knowledge or selling of math illegal or sabotaging public encryption standards. No general security is undermined. It's just classic breaking into some system and intercepting. Granted I think states shouldn't do it outside of their jurisdiction, but that is basically intelligence services fighting with each other.


> How would it destroy the company?

If you're in the business of selling X.509 certs trusted by browsers, then not being trusted by browsers kinda limits the marketability of your product.

I don't believe the browsers could be coerced to not distrust such a CA. In every root program I know there's a clause that membership to the program is at the browser's pleasure. (Those that have public terms, i.e. not msft, but I'd assume those have similar language.)

Re: they can just do it, well, I think they'd be distrusted the same.

In Symantecgate one of the reasons for distrust was that they signed the FPKI bridge, so I think no CA in the future will sign a subca that will sign FPKI certs.

> Also for example the USA is famous for installing malware on other countries' heads of state.

Yeah, exactly. I think they have more targeted ways that risk less detection and less collateral damage.


Well what destroys the company is not the generation of a certificate, but the publication. I think the state would compel the company not to disclose it, so they would coerce the company into not destroying itself.

Do you think Google or Apple are going to care? They bowed down to China, I think the state they have their headquarters in has even more leverage. As for Mozilla Firefox on Linux, maybe, but I wouldn't trust this too much either.

> I think they have more targeted ways that risk less detection and less collateral damage.

I think they don't really need to care about this, it was quite clear that no other state is publicly doing anything against this.




