[AusNOG] Consultation on s313(3) use

Kosh Naranek kosh at nervhq.com
Thu May 5 16:28:35 EST 2016


But if someone was on a fresh install of Windows XP with IE6 and wondered
why some websites weren't working, they'd go to google it :).

So Google is probably stuck using as compatible as possible setups.

On 5 May 2016 at 12:23, Andrew McN <andrew at mcnaughty.com> wrote:

>
> I agree with the point that the domain name may not map nicely to what's
> prohibited, but it's probably not necessary to consider other domain
> names covered by the certificate.
>
> SNI (https://tools.ietf.org/html/rfc6066#section-3) is more or less
> universally used by today's browsers, so the domain name associated with
> the request is in cleartext (at least for the first request in an HTTPS
> Keep-Alive session).
>
> Regards,
> Andrew McNaughton
>
>
>
> On 05/05/16 02:58, James Andrewartha wrote:
> > On Wed, 4 May 2016, Mark Smith wrote:
> >
> >> You're assuming that the entire HTTPS website's content is
> >> "prohibited", so this censorship can be implemented at a certificate
> >> granularity. Incorrect assumption.
> >
> > For example, check out Google's certificate subjectAltNames:
> >
> > DNS Name: *.google.com
> > DNS Name: *.android.com
> > DNS Name: *.appengine.google.com
> > DNS Name: *.cloud.google.com
> > DNS Name: *.google-analytics.com
> > DNS Name: *.google.ca
> > DNS Name: *.google.cl
> > DNS Name: *.google.co.in
> > DNS Name: *.google.co.jp
> > DNS Name: *.google.co.uk
> > DNS Name: *.google.com.ar
> > DNS Name: *.google.com.au
> > DNS Name: *.google.com.br
> > DNS Name: *.google.com.co
> > DNS Name: *.google.com.mx
> > DNS Name: *.google.com.tr
> > DNS Name: *.google.com.vn
> > DNS Name: *.google.de
> > DNS Name: *.google.es
> > DNS Name: *.google.fr
> > DNS Name: *.google.hu
> > DNS Name: *.google.it
> > DNS Name: *.google.nl
> > DNS Name: *.google.pl
> > DNS Name: *.google.pt
> > DNS Name: *.googleadapis.com
> > DNS Name: *.googleapis.cn
> > DNS Name: *.googlecommerce.com
> > DNS Name: *.googlevideo.com
> > DNS Name: *.gstatic.cn
> > DNS Name: *.gstatic.com
> > DNS Name: *.gvt1.com
> > DNS Name: *.gvt2.com
> > DNS Name: *.metric.gstatic.com
> > DNS Name: *.urchin.com
> > DNS Name: *.url.google.com
> > DNS Name: *.youtube-nocookie.com
> > DNS Name: *.youtube.com
> > DNS Name: *.youtubeeducation.com
> > DNS Name: *.ytimg.com
> > DNS Name: android.clients.google.com
> > DNS Name: android.com
> > DNS Name: g.co
> > DNS Name: goo.gl
> > DNS Name: google-analytics.com
> > DNS Name: google.com
> > DNS Name: googlecommerce.com
> > DNS Name: urchin.com
> > DNS Name: www.goo.gl
> > DNS Name: youtu.be
> > DNS Name: youtube.com
> > DNS Name: youtubeeducation.com
> >
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
>