Ask HN: Intercepting HTTPS – How can we trust anything at all?
31 by wg0 | 29 comments on Hacker News.
The proxies like Squid can do HTTPS intercepting so I was wondering what's the point of TLS anyway? What if a nation state is determined to intercept all traffic of its internet users or even a major ISP - can't they get a trusted CA colluding with them in such a way that they can generate certificates on the fly and hence replacing the SSL certificate of every website that's get visited, decrypt and encrypt back? Cryptographically speaking, that's possible? Wouldn't it be possible for certain states hostile to their citizens to pay off some trusted CA to get a wide open arrangement of that sorts? Now someone thinking they're talking to gmail could be first talking to a data collection island in the middle? Similarly, other vectors of attack are the IP routing and DNS. I do not understand the Noise protocol but couldn't an ISP or a government pretend to be man in the middle, between let us say a Signal user and its servers? EDIT: Added IP and DNS aspects plus typos
No comments:
Post a Comment