We really should encourage more use of DNSSEC and TLSA records which are designed to all MITM attacks like this to be detected. Australia has abysmally small DNSSEC take up.
> On 15 Aug 2018, at 2:07 pm, Nick Stallman <n...@agentpoint.com> wrote: > > I'd love a government root certificate personally. > > It would make it blatantly obvious whenever they wanted to use it. You could > also probably sniff it out and block traffic using it even if you couldn't > remove it from your device. > > On 15/08/18 13:46, Robert Hudson wrote: >> n Wed, 15 Aug 2018 at 11:46, Martin - StudioCoast >> <martin.sincl...@studiocoast.com.au> wrote: >> Enforcing a government run root certificate on Australian sold devices is >> not out of the realm of possibility... >> A root certificate would only help them if the application used it as part >> of its encryption processes - whilst a device root certificate is available >> to applications, they're not forced to use it. >> >> >> _______________________________________________ >> AusNOG mailing list >> >> AusNOG@lists.ausnog.net >> http://lists.ausnog.net/mailman/listinfo/ausnog > > -- > Nick Stallman > TECHNICAL DIRECTOR > n...@agentpoint.com > 02 8039 6820 > www.agentpoint.com.au > > > Level 3, 100 Harris Street, Pyrmont NSW 2009 > _______________________________________________ > AusNOG mailing list > AusNOG@lists.ausnog.net > http://lists.ausnog.net/mailman/listinfo/ausnog -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org _______________________________________________ AusNOG mailing list AusNOG@lists.ausnog.net http://lists.ausnog.net/mailman/listinfo/ausnog