undefined | Better HN

0 pointsbullen4y ago0 comments

The police station in Stockholm can read visitors HTTPS traffic over their WiFi in clear text and they show it to you when you are there. They simply substitute their root cert and your browser behaves like normal only they can decrypt your HTTPS traffic.

Certificates are a bamboozle of power (who/why/how some entity gets a root cert) and the waste they involve is simply not worth it.

---

- HTTP/2 has head of line issues = it's not better than HTTP/1.1.

- HTTP/3 has adoption issues and ossification of a protocol is THE feature.

- WebSockets are a similar ordeal.

I use HTTP/1.1 Comet Stream and it works very well, it's simpler and can scale "joint parallel" on multiple cores.

---

I'm a bit weary that after 5 years of telling HN to force comment upon downvote nothing has happened.

Your downvote needs to be official otherwise it's unclear who thinks what.

Eventually the HN database will leak and then it will be pretty clear who has downvoted what, so it's only a matter of time anyway.

0 comments

1 comments · 1 top-level

Ajedi324y ago

> The police station in Stockholm can read visitors HTTPS traffic over their WiFi in clear text and they show it to you when you are there. They simply substitute their root cert and your browser behaves like normal only they can decrypt your HTTPS traffic.

If you have actual proof of this (e.g. a copy of one of the rogue certificates issued by this CA) you can get them banned from all major browsers by emailing said proof to dev-security-policy@mozilla.org

My guess though is that you're simply incorrect; the root cert they use is most likely not trusted by modern browsers. Stockholm police can't intercept visitors' HTTPS traffic without their browser displaying an error page, or without those visitors manually marking the Stockholm police's CA as trusted.

j / k navigate · click thread line to collapse