Hacker News new | ask | show | jobs
by kijin 3308 days ago
As well as forge an SSL certificate for *.wikipedia.org.

Last time I checked, Wikipedia had HSTS enabled. So trying to forge their DNS without also forging their SSL certificate would be equivalent to total censorship for anybody who has previously visited Wikipedia.
1 comments
gjjrfcbugxbhf 3307 days ago
Assuming the government in question has access to a root certificate this should be possible.
link
sqeaky 3307 days ago
Even presuming it is possible, it still raises the cost of censorship. Simply raising that cost is a good thing.
link