[AusNOG] Consultation on s313(3) use

Andrew McN andrew at mcnaughty.com
Thu May 5 12:23:21 EST 2016


I agree with the point that the domain name may not map nicely to what's
prohibited, but it's probably not necessary to consider other domain
names covered by the certificate.

SNI (https://tools.ietf.org/html/rfc6066#section-3) is more or less
universally used by today's browsers, so the domain name associated with
the request is in cleartext (at least for the first request in an HTTPS
Keep-Alive session).

Regards,
Andrew McNaughton



On 05/05/16 02:58, James Andrewartha wrote:
> On Wed, 4 May 2016, Mark Smith wrote:
> 
>> You're assuming that the entire HTTPS website's content is "prohibited", so this censorship can be implemented at a certificate
>> granularity. Incorrect assumption.
> 
> For example, check out Google's certificate subjectAltNames:
> 
> DNS Name: *.google.com
> DNS Name: *.android.com
> DNS Name: *.appengine.google.com
> DNS Name: *.cloud.google.com
> DNS Name: *.google-analytics.com
> DNS Name: *.google.ca
> DNS Name: *.google.cl
> DNS Name: *.google.co.in
> DNS Name: *.google.co.jp
> DNS Name: *.google.co.uk
> DNS Name: *.google.com.ar
> DNS Name: *.google.com.au
> DNS Name: *.google.com.br
> DNS Name: *.google.com.co
> DNS Name: *.google.com.mx
> DNS Name: *.google.com.tr
> DNS Name: *.google.com.vn
> DNS Name: *.google.de
> DNS Name: *.google.es
> DNS Name: *.google.fr
> DNS Name: *.google.hu
> DNS Name: *.google.it
> DNS Name: *.google.nl
> DNS Name: *.google.pl
> DNS Name: *.google.pt
> DNS Name: *.googleadapis.com
> DNS Name: *.googleapis.cn
> DNS Name: *.googlecommerce.com
> DNS Name: *.googlevideo.com
> DNS Name: *.gstatic.cn
> DNS Name: *.gstatic.com
> DNS Name: *.gvt1.com
> DNS Name: *.gvt2.com
> DNS Name: *.metric.gstatic.com
> DNS Name: *.urchin.com
> DNS Name: *.url.google.com
> DNS Name: *.youtube-nocookie.com
> DNS Name: *.youtube.com
> DNS Name: *.youtubeeducation.com
> DNS Name: *.ytimg.com
> DNS Name: android.clients.google.com
> DNS Name: android.com
> DNS Name: g.co
> DNS Name: goo.gl
> DNS Name: google-analytics.com
> DNS Name: google.com
> DNS Name: googlecommerce.com
> DNS Name: urchin.com
> DNS Name: www.goo.gl
> DNS Name: youtu.be
> DNS Name: youtube.com
> DNS Name: youtubeeducation.com
> 

