Hacker News
new
|
past
|
comments
|
ask
|
show
|
jobs
|
submit
login
dijit
on Dec 17, 2019
|
parent
|
context
|
favorite
| on:
Still Why No HTTPS?
If you can inject such content (as in an arp poisoning or other man in the middle scenario) why wouldn’t you go after the dns requests?
Liquid_Fire
on Dec 17, 2019
[–]
HTTPS will protect you against hijacked DNS requests as well.
dijit
on Dec 17, 2019
|
parent
[–]
Not by itself, if you have special HTTP headers it will. But some of those are deprecated (HPKP; for example)[0]
[0]:
https://en.wikipedia.org/wiki/HTTP_Public_Key_Pinning#Browse...
Liquid_Fire
on Dec 17, 2019
|
root
|
parent
[–]
If you hijack the DNS request and respond with the IP of a different server, that server will not have a valid certificate for the domain in question. Why are any extra features required?
Guidelines
|
FAQ
|
Lists
|
API
|
Security
|
Legal
|
Apply to YC
|
Contact
Search:
