Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


HSTS and government blocking websites
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

HSTS and government blocking websites

Yesterday on twitter I had an interesting conversation about blocking websites using DNS. Latvian government has made ISPs DNS servers return NXDOMAIN for a few illegal casino sites. Government also wants to implement a warning, which states why the website was blocked. Currently I think the warning would be implemented using DNS hijacking.

So here's the question. How can government implement a warning if the website was using HSTS before getting blocked?

Comments

  • MakenaiMakenai Member
    edited August 2014

    Most people who aren't tech savvy won't be able to circumvent it or just will read everything very carefully and not want to circumvent it. No point in a warning which only 1/5 people can see.
    Is there a way without the warning?

  • @Makenai force everyone in the country to add as trusted your root cert?

  • rm_rm_ IPv6 Advocate, Veteran
    edited August 2014

    Makenai said: Most people who aren't tech savvy won't be able to circumvent it

    That's the whole point.

    Makenai said: No point in a warning which only 1/5 people can see.

    Who the f*ck cares. The aim is to block a website, it's accomplished.

    Is there a way without the warning?

    You sound like it's you who's being tasked with implementing this.

  • MakenaiMakenai Member
    edited August 2014

    rm_ said: Who the f*ck cares. The aim is to block a website, it's accomplished.

    Christ, take a deep breath. I was just wondering. If questions are making you go apeshit I would advice you to leave this thread.
    The aim was indeed to block a website, but there's also aim to warn people saying why the web site was blocked.

    Well I guess if there aren't any other ways this can be closed... I'm still interested though, if you have any information I would be very happy to receive a PM.

  • kijinkijin Member
    edited August 2014

    If the government in question has control over a widely recognized CA, or if it can convince most people to trust it as a CA (perhaps the CA is bundled with a program that is widely used in that country -- for example, almost everyone in my country uses a tax calculation program supplied by the government, and who knows what they bundle with it), then they'll be able to hijack HSTS websites as well.

    Otherwise, people will just see a browser warning.

    Thanked by 1Makenai
Sign In or Register to comment.