There’s probably a way to redirect without validation. Only respond to port 80 if needed, then redirecr. Sure the browser might complain a little but it’s not as bad as invalid cert.
Maybe for some rando site, Google and any half competent site has HSTS enabled, meaning a browser won’t even try to connect with insecure HTTP, nor allow user to bypass the security error, as long as the HSTS header is remembered by the browser (the site was visited recently, set to 1 year for google).
In addition, google will also be on HSTS preload lists, so it won’t work even if you never visited the site.
What? What do you mean “DNS space”? Classic DNS does not have any security, no encryption and no signatures.
DNSSEC, which adds signatures, is based on TLDs, not any geography or country. And it is not yet enabled for most domains, though I guess it would be for google. But obviously EU does not control .com.
And if you mean TLS certificates, those are a bit complicated and I already explained why forging those would be problematic and not work on Chrome, though it could be done.
There’s probably a way to redirect without validation. Only respond to port 80 if needed, then redirecr. Sure the browser might complain a little but it’s not as bad as invalid cert.
Maybe for some rando site, Google and any half competent site has HSTS enabled, meaning a browser won’t even try to connect with insecure HTTP, nor allow user to bypass the security error, as long as the HSTS header is remembered by the browser (the site was visited recently, set to 1 year for google).
In addition, google will also be on HSTS preload lists, so it won’t work even if you never visited the site.
That makes me realize, what kind of country doesn’t cobtrol it’s dns space’s encryption certificates. That’s a major oversight.
What? What do you mean “DNS space”? Classic DNS does not have any security, no encryption and no signatures.
DNSSEC, which adds signatures, is based on TLDs, not any geography or country. And it is not yet enabled for most domains, though I guess it would be for google. But obviously EU does not control .com.
And if you mean TLS certificates, those are a bit complicated and I already explained why forging those would be problematic and not work on Chrome, though it could be done.