ARandomerDude a day ago

Start an NSA cutout called Cloudflare. Configure sites to use an SSL/TLS connection to Cloudflare, then a separate SSL/TLS connection from Cloudflare to your actual machine. Then have the marketing team call it "Strict" encryption. Make it free so everyone uses it.

  • treebeard901 a day ago

    It is also a lot easier since certificate pinning has fallen out of favor. Many sites use Let's Encrypt. The Certificate Authority system itself is not reliable.

    In a way it is the perfect solution from a Govt perspective. Other countries have systems at this scale and larger. China for example.

    • yencabulator 18 hours ago

      What makes the CA system reliable is browsers insisting on Certificate Transparency before trusting a cert. If an attacker creates an evil cert by stealing the ACME verification traffic, there's a permanent record of it. Big corps can monitor the ledger to see what certs have been handed out to their domains.
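
The ledger monitoring described in the last comment, as an added example that is not part of the thread: it scans logged certificates for names under a watched domain and reports any the domain owner has no record of requesting. The `CTEntry` shape, function names, fingerprints and log entries are constructed for illustration; a real monitor would read entries from Certificate Transparency logs instead of an inline list.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class CTEntry:
    index: int        # position in the (hypothetical) log
    sha256: str       # certificate fingerprint, constructed placeholder
    issuer: str
    dns_names: tuple  # SAN dNSName values from the logged certificate

def covers(san: str, watched: str) -> bool:
    """True if a logged SAN names the watched domain or anything beneath it."""
    san, watched = san.lower().rstrip("."), watched.lower().rstrip(".")
    if san.startswith("*."):
        base = san[2:]
        # A wildcard matches exactly one label under its base, so
        # "*.example.com" covers a watched host "shop.example.com".
        if watched.partition(".")[2] == base:
            return True
        san = base
    # Compare on a label boundary so "notexample.com" never matches "example.com".
    return san == watched or san.endswith("." + watched)

def unexpected_certs(entries, watched_domains, known_fingerprints):
    """Return logged certs for our domains that are absent from our issuance inventory."""
    hits = []
    for e in entries:
        names = [n for n in e.dns_names
                 if any(covers(n, w) for w in watched_domains)]
        if names and e.sha256 not in known_fingerprints:
            hits.append((e.index, e.issuer, names))
    return hits

# Constructed sample data, not real log contents.
WATCHED = ["example.com"]
KNOWN = {"aa" * 32}  # fingerprints of certificates we requested ourselves
SAMPLE_LOG = [
    CTEntry(101, "aa" * 32, "Constructed CA A", ("example.com", "www.example.com")),
    CTEntry(102, "bb" * 32, "Constructed CA B", ("login.example.com",)),
    CTEntry(103, "cc" * 32, "Constructed CA A", ("notexample.com",)),
    CTEntry(104, "dd" * 32, "Constructed CA B", ("*.example.com", "other.test")),
]

if __name__ == "__main__":
    for index, issuer, names in unexpected_certs(SAMPLE_LOG, WATCHED, KNOWN):
        print(f"ALERT log entry {index}: {names} issued by {issuer}")
```

Entries 102 and 104 are reported because their fingerprints are missing from the inventory; entry 103 is ignored because its name only shares a string suffix with the watched domain, not a label boundary.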