Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

> another solution would be for YouTube to require SSL for all connections coming from Turkish IPs.

What? NO! They are messing with the DNS results from 8.8.4.4 (Google DNS)

Too early for TLS to do anything. Maybe with HSTS, but I still doubt that HSTS is any effective against state level MITM.



You're right. Maybe if they turned on and required SSL for everyone visiting www.youtube.com and added www.youtube.com to Chrome's preloaded HSTS list and somehow got everyone to use Chrome. Sadly, this probably won't happen, but DNSSEC adoption probably won't happen either. Even with DNSSEC, they could still do deep packet inspection on HTTP traffic going to YouTube IPs and initiate MITM attacks that way.


Why not ditch the current DNS system and use Namecoin? If you have to force some piece of software into users computers, let's do it right at least...


Are you suggesting the government compromised a trusted SSL CA? Or are you just saying they blocked HTTPS?


Huh? The government of Turkey itself is a trusted CA http://www.mozilla.org/en-US/about/governance/policies/secur... Ctrl+F "Government of Turkey"




Consider applying for YC's Winter 2026 batch! Applications are open till Nov 10

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: