On 22/03/2025 17:04, Madhu wrote:
May I ask for a source for this affirmation?
I just reported what I observed (by chance; I'm not a regular
consumer) on my ISP -- that the traffic (that traffic under guarantees
of end to end TLSv1.3 encryption) was being inspected and blocked.
[...]
How would you explain what I'm seeing? I didn't look into it deeply.
letsencrypt is trusted in my /etc/ca-certificates. So the ISP (or
ISP's immediate upstream) is presenting a certificate signed by
letsencrypt and proxying the traffic while inspecting it? But I didn't
see mismatched certificate warnings, just the blocked page with data
of what is being blocked. (This was a few months ago, I haven't tried
to access those domains since)
Maybe they are blocking and reporting by host name, not the entire url?
AFAIK, that's sent unencrypted at the start of the negotiation.
But being this your personal experience, there's no need to waste more
of your time. Sometimes I get a little overzealous. :)
Thanks for taking the time to answer.
---
via emacs-tangents mailing list
(https://lists.gnu.org/mailman/listinfo/emacs-tangents)
