We really should encourage more use of DNSSEC and TLSA records which are designed to all MITM attacks like this to be detected. Australia has abysmally small DNSSEC take up.
> On 15 Aug 2018, at 2:07 pm, Nick Stallman <[email protected]> wrote: > > I'd love a government root certificate personally. > > It would make it blatantly obvious whenever they wanted to use it. You could > also probably sniff it out and block traffic using it even if you couldn't > remove it from your device. > > On 15/08/18 13:46, Robert Hudson wrote: >> n Wed, 15 Aug 2018 at 11:46, Martin - StudioCoast >> <[email protected]> wrote: >> Enforcing a government run root certificate on Australian sold devices is >> not out of the realm of possibility... >> A root certificate would only help them if the application used it as part >> of its encryption processes - whilst a device root certificate is available >> to applications, they're not forced to use it. >> >> >> _______________________________________________ >> AusNOG mailing list >> >> [email protected] >> http://lists.ausnog.net/mailman/listinfo/ausnog > > -- > Nick Stallman > TECHNICAL DIRECTOR > [email protected] > 02 8039 6820 > www.agentpoint.com.au > > > Level 3, 100 Harris Street, Pyrmont NSW 2009 > _______________________________________________ > AusNOG mailing list > [email protected] > http://lists.ausnog.net/mailman/listinfo/ausnog -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: [email protected] _______________________________________________ AusNOG mailing list [email protected] http://lists.ausnog.net/mailman/listinfo/ausnog
