[vbezhenar]

How SNI is helping there? You still will have the entire website blocked. Clear HTTP would help, as they could block few selected pages and rest would be available. I don't understand this entire movement to HTTPS. Some people think that governments won't dare to block Wikipedia, Amazon or Google? Well, they dared and now you have millions of useful articles blocked because of few offending ones. If I would live in a China, I would prefer censored HTTP access over unavailable HTTPS any day.

[baybal2]

> millions of useful articles blocked because of few offending ones

Yes, freedom requires sacrifices. Freedom is not for feeble hearted.

This is an important point. I'd say keeping it in mind is more important for citizens of free countries today, than Chinese.

The sole fact that an argument like this being brought more and more in the West, where it wouldn't fly even 10 years ago, say just how much closer to China the West has become.

[bo1024]

Over plain http, how would you solve the problem of a government modifying pages in transit or replacing them entirely with a new version? I suppose you could use the https public key infrastructure with digital signatures so that visitors know whether they're seeing the original...

[vbezhenar]

Well, if you want that property, technically there was NULL encryption algorithm in early HTTPS versions (probably it's not supported now, but there's nothing unusual about it). So you'll have page in cleartext, including all headers (so censors can drop the connection if they don't like it), but you'll have associated checksums and certificates, so changes should be detectable.