On Aug 5, 2011, at 6:03 PM, Mark Andrews wrote: > > In message <4e3c9228.4050...@paulgraydon.co.uk>, Paul Graydon writes: >> On 08/05/2011 02:53 PM, Brielle wrote: >>> Until they start MitM the ssl traffic, fake certs and all. Didn't a certai >> n repressive regime already do this tactic with facebook or some other major >> site? >>> >> Syria did: >> https://www.eff.org/deeplinks/2011/05/syrian-man-middle-against-facebook<http >> s://www.facebook.com/note.php?note_id=10150178983622358&comments> > > Which is countered by DNSSEC + DANE. A country may be able to fake everything > under their tld but not the rest of the net. > Unless they start proxying all queries and putting their own trust anchors on all the results.
Owen
smime.p7s
Description: S/MIME cryptographic signature
