[143344] in North American Network Operators' Group


Re: US internet providers hijacking users' search queries

daemon@ATHENA.MIT.EDU (Mark Andrews)
Sat Aug 6 22:09:40 2011

To: Owen DeLong <owen@delong.com>
From: Mark Andrews <marka@isc.org>
In-reply-to: Your message of "Sat, 06 Aug 2011 02:14:16 MST."
 <D8FBCDCB-BCD1-4847-9D23-D5745A5C609B@delong.com>
Date: Sun, 07 Aug 2011 12:08:39 +1000
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org


In message <D8FBCDCB-BCD1-4847-9D23-D5745A5C609B@delong.com>, Owen DeLong writes:
> On Aug 5, 2011, at 6:03 PM, Mark Andrews wrote:
> 
> > 
> > In message <4E3C9228.4050808@paulgraydon.co.uk>, Paul Graydon writes:
> >> On 08/05/2011 02:53 PM, Brielle wrote:
> >>> Until they start MitM the ssl traffic, fake certs and all.  Didn't a certain
> >>> repressive regime already do this tactic with facebook or some other major
> >>> site?
> >>> 
> >> Syria did:
> >> https://www.eff.org/deeplinks/2011/05/syrian-man-middle-against-facebook
> >> <https://www.facebook.com/note.php?note_id=10150178983622358&comments>
> > 
> > Which is countered by DNSSEC + DANE.  A country may be able to fake everything
> > under their tld but not the rest of the net.
> > 
> Unless they start proxying all queries and putting their own trust anchors on all the
> results.

Which still won't work unless they can get a false trust anchor for the
root installed.
 
Mark
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka@isc.org
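
The chain-of-trust argument in this exchange, as an added example that is not part of the original message or any poster's code: a toy model of DNSSEC-style validation showing that re-signed answers are rejected unless the validator's root trust anchor is replaced. Textbook RSA over Mersenne primes stands in for real DNSSEC algorithms, and the keys, helper names and TLSA strings are constructed placeholders.

```python
import hashlib

E = 65537  # public exponent shared by every toy key

def keypair(a, b):
    """Textbook RSA from Mersenne primes 2**a-1 and 2**b-1 (toy only): (modulus, private exp)."""
    p, q = 2**a - 1, 2**b - 1
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def h(data, n):
    return int.from_bytes(hashlib.sha256(data.encode()).digest(), "big") % n

def sign(data, key):
    n, d = key
    return pow(h(data, n), d, n)

def ds(n):
    """DS-style digest that pins a zone's public key in its parent."""
    return hashlib.sha256(str(n).encode()).hexdigest()

def build_chain(keys, tlsa):
    """Each zone signs the DS of the next zone's key; the last zone signs the TLSA data."""
    chain = []
    for i, key in enumerate(keys):
        data = ds(keys[i + 1][0]) if i + 1 < len(keys) else tlsa
        chain.append((key[0], data, sign(data, key)))
    return chain

def validate(chain, trust_anchor):
    """Walk root -> leaf; every key must match the digest vouched for one level up."""
    expected = trust_anchor
    for pub, data, sig in chain:
        if ds(pub) != expected or pow(sig, E, pub) != h(data, pub):
            return None
        expected = data
    return chain[-1][1]  # the validated TLSA data

# Constructed sample data: root, TLD and zone keys, and placeholder TLSA records.
REAL = [keypair(61, 89), keypair(107, 127), keypair(521, 607)]
PROXY = [keypair(1279, 2203), keypair(2281, 3217), keypair(4253, 4423)]
real_chain = build_chain(REAL, "TLSA 3 1 1 <digest of the site's real key>")
proxy_chain = build_chain(PROXY, "TLSA 3 1 1 <digest of the proxy's key>")
ROOT_ANCHOR = ds(REAL[0][0])

if __name__ == "__main__":
    print("genuine answers:", validate(real_chain, ROOT_ANCHOR))
    print("proxy re-signs everything:", validate(proxy_chain, ROOT_ANCHOR))
    print("forged TLD under real root:", validate(real_chain[:1] + proxy_chain[1:], ROOT_ANCHOR))
    print("false root anchor installed:", validate(proxy_chain, ds(PROXY[0][0])))
```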

