undefined | Better HN

0 pointsicebraining12y ago0 comments

When you connect to an HTTPS site, your browser send the domain (hostname) unencrypted, so that the server can select the right certificate. If it doesn't/didn't, the server could only have one site per IP, so you could identify the site by doing a reverse DNS query.

In any case, blocking access to an HTTPS site is not a significant technical problem.

0 comments

bigiain12y ago

Sure - blocking access to https://www.google.com is not a significant tech problem.

I somehow don't think they're planning on that though.

Blocking access to https://www.google.com/?q=nasty+goat+sex while not blocking access to https://www.google.com/?q=how+to+vote+conservative+in+the+UK requires some technical chops that while not impossible, would put the UK right up there with enlightened democracies such as China, Iran, and Egypt in terms of interfering with their citizens internet use.

I eagerly await the spectacular demonstration of incompetence and misunderstanding of basic internet operation that'll be the fallout of this - perhaps it'll make my local government's own similar mistakes seem less obvious and stupid: http://www.smh.com.au/technology/technology-news/how-asics-a...

marshray12y ago

It is not possible for anyone to block access to https://www.google.com/?q=specific+thing over a long period of time without either custom modifications to every affected client or help from Google itself.

Google's long rocky experience with China proves exactly that.

bigiain12y ago

Not at a 100% level, but we know the Chinese government (and I suspect the UK government) are capable of deploying faked google.com SSL certs which'll pass unnoticed by just about anyone who's not using a certificate-pinning version of Chrome. And China(/Iran/Egypt) clearly has national-border level firewalls capable of using such faked SSL certs to MITM and deep packet inspect entire countries worth of internet traffic on the fly.

1 more reply

captn3m012y ago

More details: https://en.wikipedia.org/wiki/Server_Name_Indication

j / k navigate · click thread line to collapse

0 comments

bigiain12y ago

Sure - blocking access to https://www.google.com is not a significant tech problem.

I somehow don't think they're planning on that though.

marshray12y ago

Google's long rocky experience with China proves exactly that.

bigiain12y ago

1 more reply

captn3m012y ago

More details: https://en.wikipedia.org/wiki/Server_Name_Indication

j / k navigate · click thread line to collapse