Hacker News new | past | comments | ask | show | jobs | submit login

Wondering about a turtles-all-the-way solution:

A web-socket based protocol that opens up a new SSL session with non-MITM'd certificates.

So you'd open up the snoop-me HTTPS/1.1 connection, do some GETs, then say "GET /busy, yo", and start what looks like a video-chat conversation that is in fact a regular SSL connection with uncompromised certs.

(some protocol) over SSL over Web-Socket over bad-SSL over TCP/IP

You can't solve political problems with cryptography, much though the software engineering industry may wish it were so.

Ultimately, though it will be very hard to accept, crypto may be on the way out as a technology with any political impact. Governments currently accept the rapid increase in SSL because none of the politicians or regulators understand that it's possible to disable it at a country level, and nobody with any technical clue has been willing to point it out to them. But that situation isn't sustainable, as the Kazakh example shows. A sufficiently determined government won't care about minor details like user convenience. They'll just say "you either install our root cert, or you don't get to use the internet" and that's it. Game over. If even just one western country does it, the rest will all follow within a few years.

Use a crypto that doesn't rely on authority.

Somewhat related would be Tor's flashproxy bridges: https://crypto.stanford.edu/flashproxy/

Once it happens enough to be on the radar, it will be blocked or MiTM'd. Probably the former, possibly with a free symposium on the application of rubber hoses.

Applications are open for YC Summer 2019

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact