US internet providers hijacking users' search queries
Owen DeLong
owen at delong.com
Sat Aug 6 09:14:16 UTC 2011
On Aug 5, 2011, at 6:03 PM, Mark Andrews wrote:
>
> In message <4E3C9228.4050808 at paulgraydon.co.uk>, Paul Graydon writes:
>> On 08/05/2011 02:53 PM, Brielle wrote:
>>> Until they start MitM the ssl traffic, fake certs and all. Didn't a certai
>> n repressive regime already do this tactic with facebook or some other major
>> site?
>>>
>> Syria did:
>> https://www.eff.org/deeplinks/2011/05/syrian-man-middle-against-facebook<http
>> s://www.facebook.com/note.php?note_id=10150178983622358&comments>
>
> Which is countered by DNSSEC + DANE. A country may be able to fake everything
> under their tld but not the rest of the net.
>
Unless they start proxying all queries and putting their own trust anchors on all the
results.
Owen
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2105 bytes
Desc: not available
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20110806/2ad6e1b6/attachment.bin>
More information about the NANOG
mailing list