In message <4e3c9228.4050...@paulgraydon.co.uk>, Paul Graydon writes: > On 08/05/2011 02:53 PM, Brielle wrote: > > Until they start MitM the ssl traffic, fake certs and all. Didn't a certai > n repressive regime already do this tactic with facebook or some other major > site? > > > Syria did: > https://www.eff.org/deeplinks/2011/05/syrian-man-middle-against-facebook<http > s://www.facebook.com/note.php?note_id=10150178983622358&comments>
Which is countered by DNSSEC + DANE. A country may be able to fake everything under their tld but not the rest of the net. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
