Hacker News new | past | comments | ask | show | jobs | submit login

No, HTTPS only. So probably only Google or the NSA, I guess.



Well, it's not like you can't buy a valid certificate for google.com from a turkish CA that is trusted by all browsers... This has happened before, the only question is how much you're willing to pay.


There's also hardcoded HSTS pining for Google certificates, preventing this.


How does HSTS deal with expired certs?




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: