Comment by yencabulator a day ago
> man in the middle decryption
How would that work?
It is also a lot easier since certificate pinning has fallen out of favor. Many sites use LetsEncrypt. The Certificate Authority system itself is not reliable.
In a way it is the perfect solution from a Govt perspective. Other countries have systems at this scale and larger. China for example.
What makes the CA system reliable is browsers insisting on Certificate Transparency before trusting a cert. If an attacker creates an evil cert by stealing the ACME verification traffic, there's a permanent record of it. Big corps can monitor the ledger to see what certs have been handed out to their domains.
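The ledger monitoring described in the comment above, as an added example that is not part of the original thread: a triage pass over Certificate Transparency entries that flags certificates for watched domains which the owner did not request. The record fields, domain names, issuer names and serials are constructed assumptions, not a real log API; the point is that a certificate obtained through intercepted ACME validation comes from a legitimate CA, so the check compares against the owner's own issuance inventory and not only the issuer.

```python
# Added example: triage of Certificate Transparency entries for watched domains.
# The record shape (names / issuer_org / serial) is an assumed, simplified form.

WATCHED = {"example.com"}             # domains we own (assumption)
EXPECTED_ISSUERS = {"Let's Encrypt"}  # CAs we actually order from (assumption)
KNOWN_SERIALS = {"03a1", "03a2"}      # serials recorded by our own ACME clients

# Constructed sample entries, as a monitor might receive them from a CT log feed.
ENTRIES = [
    {"names": ["example.com", "www.example.com"], "issuer_org": "Let's Encrypt", "serial": "03a1"},
    {"names": ["login.example.com"], "issuer_org": "Let's Encrypt", "serial": "0bad"},
    {"names": ["*.example.com"], "issuer_org": "Other CA", "serial": "7777"},
    {"names": ["example.com.evil.test"], "issuer_org": "Other CA", "serial": "1234"},
]


def covers_watched(name, watched):
    """True if a certificate name is a watched domain, a subdomain, or a wildcard of one."""
    n = name.lower().rstrip(".")
    if n.startswith("*."):
        n = n[2:]
    # Match on a label boundary so "example.com.evil.test" does not count.
    return any(n == d or n.endswith("." + d) for d in watched)


def triage(entries, watched, expected_issuers, known_serials):
    """Return (serial, reason, matching_names) for every certificate we cannot account for."""
    findings = []
    for entry in entries:
        hits = [n for n in entry["names"] if covers_watched(n, watched)]
        if not hits:
            continue  # not about our domains
        if entry["issuer_org"] not in expected_issuers:
            reason = "unexpected-issuer"
        elif entry["serial"].lower() not in known_serials:
            # Right CA, but nobody on our side requested it: the case the
            # comment describes (validation traffic intercepted in transit).
            reason = "unknown-serial"
        else:
            continue  # matches our own issuance inventory
        findings.append((entry["serial"], reason, hits))
    return findings


if __name__ == "__main__":
    for serial, reason, names in triage(ENTRIES, WATCHED, EXPECTED_ISSUERS, KNOWN_SERIALS):
        print(f"ALERT {reason}: serial={serial} names={names}")
```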
Start an NSA cutout called Cloudflare. Configure sites to use an SSL/TLS connection to Cloudflare, then a separate SSL/TLS connection from Cloudflare to your actual machine. Then have the marketing team call it "Strict" encryption. Make it free so everyone uses it.