Re: [Wikimedia-l] Universal forced HTTPS backdoor in Kazakhstan

2019-07-28 Thread Thomas Townsend
Yaroslav If there is no local chapter willing and able to take action, then presumably it falls to WMF central to do so, as they have in the USA and Turkey The Turnip On Tue, 23 Jul 2019 at 12:41, Yaroslav Blanter wrote: > > I do not think Kazakhstan has a chapter. In the past, some Kazakh >

Re: [Wikimedia-l] Universal forced HTTPS backdoor in Kazakhstan

2019-07-28 Thread John Erling Blad
Seems like something happened early Friday morning.[1] [1] https://censoredplanet.org/kazakhstan/live On Sun, Jul 28, 2019 at 2:43 PM John Erling Blad wrote: > You are right. “Firefox and Chrome disable pin validation for pinned hosts > whose validated certificate chain terminates at a

Re: [Wikimedia-l] Universal forced HTTPS backdoor in Kazakhstan

2019-07-28 Thread John Erling Blad
You are right. “Firefox and Chrome disable pin validation for pinned hosts whose validated certificate chain terminates at a user-defined trust anchor (rather than a built-in trust anchor). This means that for users who imported custom root certificates all pinning violations are ignored.” [1]

Re: [Wikimedia-l] Universal forced HTTPS backdoor in Kazakhstan

2019-07-28 Thread Chico Venancio
FYI, it seems Wikimedia is not being intercepted at the moment. https://censoredplanet.org/kazakhstan Of course, that may change. It may also be relevant that Wikimedia uses HSTS, and that will make it difficult for users to access the sites with intercepted certificates if they have accessed

Re: [Wikimedia-l] Universal forced HTTPS backdoor in Kazakhstan

2019-07-28 Thread Alex Monk
Correct me if I'm wrong but I believe browsers always ignored HPKP rules when presented with a cert signed by a CA that is locally installed rather than default. On Sun, 28 Jul 2019, 12:58 John Erling Blad, wrote: > The Kazakhstan MITM could be stopped by HTTP Public Key Pinning [1], but >

Re: [Wikimedia-l] Universal forced HTTPS backdoor in Kazakhstan

2019-07-28 Thread John Erling Blad
The Kazakhstan MITM could be stopped by HTTP Public Key Pinning [1], but Chrome seems to have dropped support for HPKP[2]? Dropping HPKP made the MITM attack possible, by forcing the users to install the root certificate, as many of the sites listed have been on the HPKP list. With HPKP in place