6 Aug
2011
6 Aug
'11
5:14 a.m.
On Aug 5, 2011, at 6:03 PM, Mark Andrews wrote:
In message <4E3C9228.4050808@paulgraydon.co.uk>, Paul Graydon writes:
On 08/05/2011 02:53 PM, Brielle wrote:
Until they start MitM the ssl traffic, fake certs and all. Didn't a certai n repressive regime already do this tactic with facebook or some other major site?
Syria did: https://www.eff.org/deeplinks/2011/05/syrian-man-middle-against-facebook<http s://www.facebook.com/note.php?note_id=10150178983622358&comments>
Which is countered by DNSSEC + DANE. A country may be able to fake everything under their tld but not the rest of the net.
Unless they start proxying all queries and putting their own trust anchors on all the results. Owen