Comment by josephcsible

3 years ago

I'm not talking about how difficult it is to set up a proxy. I meant that getting someone else's computer to accept a rogue root CA is a big deal, so saying an attack "only" needs that to happen is misleading.

> getting someone else's computer to accept a rogue root CA is a big deal

IMO not necessarily. See this part of what I said:

> telling their users to trust a certificate signed by them, without properly explaining the consequences of that. And a lot of novice users would likely use that proxy service. Gleefully unaware that even the “encrypted” traffic is completely visible to the proxy.

But in addition to that, note that where I was using the word “only” was specifically in the part of my comment where I was talking about how I set up Squid for myself using my own Raspberry Pi and my own personal computer.