HSTS and government blocking websites
Yesterday on Twitter I had an interesting conversation about blocking websites using DNS. The Latvian government has made ISPs' DNS servers return NXDOMAIN for a few illegal casino sites. The government also wants to implement a warning, which states why the website was blocked. Currently I think the warning would be implemented using DNS hijacking.
So here's the question. How can the government implement a warning if the website was using HSTS before getting blocked?
Comments
Like that http://s.lowendshare.com/7/1407318370.271.2014-08-06T094546Z-rt.png
Most people who aren't tech savvy won't be able to circumvent it or just will read everything very carefully and not want to circumvent it. No point in a warning which only 1/5 people can see.
Is there a way without the warning?
@Makenai force everyone in the country to add as trusted your root cert?
That's the whole point.
Who the f*ck cares. The aim is to block a website, it's accomplished.
You sound like it's you who's being tasked with implementing this.
Christ, take a deep breath. I was just wondering. If questions are making you go apeshit I would advise you to leave this thread.
The aim was indeed to block a website, but there's also an aim to warn people, saying why the website was blocked.
Well I guess if there aren't any other ways this can be closed... I'm still interested though, if you have any information I would be very happy to receive a PM.
If the government in question has control over a widely recognized CA, or if it can convince most people to trust it as a CA (perhaps the CA is bundled with a program that is widely used in that country -- for example, almost everyone in my country uses a tax calculation program supplied by the government, and who knows what they bundle with it), then they'll be able to hijack HSTS websites as well.
Otherwise, people will just see a browser warning.
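
An added illustration, not part of the thread: a simplified model of the RFC 6797 (HSTS) behaviour the replies describe, showing what a user sees when DNS is pointed at a block-page server. Hostnames, function names and outcome strings are constructed for the example; preload lists and certificate pinning are ignored.

```javascript
// Simplified browser-side HSTS model (RFC 6797). All names are illustrative.

// Parse a Strict-Transport-Security value; null when max-age is missing.
function parseHsts(value) {
  const policy = { maxAge: null, includeSubDomains: false };
  for (const part of value.split(";")) {
    const [rawName, rawVal = ""] = part.trim().split("=");
    const name = rawName.trim().toLowerCase();
    const val = rawVal.trim().replace(/^"|"$/g, "");
    if (name === "max-age" && /^\d+$/.test(val)) policy.maxAge = Number(val);
    if (name === "includesubdomains") policy.includeSubDomains = true;
  }
  return policy.maxAge === null ? null : policy;
}

class HstsStore {
  constructor() { this.hosts = new Map(); }
  // Called only for headers received over HTTPS with a valid certificate.
  note(host, headerValue, nowSec) {
    const p = parseHsts(headerValue);
    if (!p) return;
    if (p.maxAge === 0) { this.hosts.delete(host); return; }
    this.hosts.set(host.toLowerCase(),
      { expires: nowSec + p.maxAge, includeSubDomains: p.includeSubDomains });
  }
  // True if the host, or a parent with includeSubDomains, has a live policy.
  isKnown(host, nowSec) {
    const labels = host.toLowerCase().split(".");
    for (let i = 0; i < labels.length; i++) {
      const e = this.hosts.get(labels.slice(i).join("."));
      if (e && e.expires > nowSec && (i === 0 || e.includeSubDomains)) return true;
    }
    return false;
  }
}

// Outcome when DNS answers with the block-page server's address.
// certTrusted: that server presents a chain to a root the client trusts.
function blockPageOutcome(store, host, nowSec, { scheme, certTrusted }) {
  const hsts = store.isKnown(host, nowSec);
  if (scheme === "http" && !hsts) return "warning page shown over plain HTTP";
  if (certTrusted) return "warning page shown over HTTPS";
  return hsts ? "certificate error, no click-through"
              : "certificate error, user may click through";
}
```
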