
> It actually helps tremendously, since at the very least now there can be a "black market" for legacy (pre-Sept-2020) buckets

Err, no, countries will just block the legacy bucket URL style and say that only the bad guys would still be using it.




If they went to that extreme maybe they’d block AWS altogether. Or all SSL traffic!


People didn't seem to remember that the exact thing happened to Google. Picasa, YouTube, GCloud, GSuite, and finally Gmail.

Who's next, domain fronting on Microsoft Azure?


That would mean they are blocking all S3 buckets indiscriminately.


Only old S3 buckets that are accessed the old way.


Couldn't they just middle-man the traffic and block specific URLs?


SSL prevents that.


It explicitly does not. It means there are additional barriers to doing it - people would need to accept a bad cert (we already know the overwhelming majority will), or they would need to slip in their own CA that allows them to generate their own valid certs for MITM, but that is eminently doable for the Chinese government inside of China. They can then block all traffic for people that do not use the cert that allows them to decrypt said traffic. It functionally is the exact same thing, and would still allow "legitimate" traffic without problem.


That's not what explicitly means. SSL explicitly does prevent MITM attacks from intercepting URLs of requests.

The fact you can get around it by ignoring the cert is a bit irrelevant. It's like saying locks don't work because people can break your window.


As noted, you don't have to ignore the cert, and we're talking about state-level actors.

And it's not the window. It's like saying locks don't work if the state has a master key, which they do.


They already have their own CA in browsers, so they can easily MITM. That’s why mobile apps will use certificate pinning to verify their server.


I thought countries who did this already issued their own certs to be able to analyze traffic. Like China. Maybe I misunderstood.



