Comment by mcny
4 days ago
Let's say I have a public website with https. I allow anyone to post a message to an api endpoint. Could a server like this read the message? How?
They may not be able to decrypt it now, but it is well known that most of encrypted Internet traffic is permanently stored in NSA data centers [1] with hopes of decrypting it soon once quantum computing can do it.
[1] https://en.wikipedia.org/wiki/Utah_Data_Center
> but it is well known that most of encrypted Internet traffic is permanently stored in NSA data centers
It's "well known"? News to me.
I doubt the NSA has storage space for even 1 year's worth of "most of encrypted Internet traffic", much less for permanently storing it.
They have a relationship with your cert provider and get a copy of your cert or the root so they can decrypt the traffic.
I thought the whole point of the ACME client was that the private key never leaves my server to go to Let's Encrypt servers. Now yes, if I am using Cloudflare Tunnel, I understand the TLS terminates at Cloudflare and they can share with anyone, but still it has to be a targeted operation, right? It isn't like Cloudflare would simply share all the keys to the kingdom?
Yes. They could issue their own certificates, but we have CT to mitigate that, too.
No, the private keys are yours - the root CA just 'signs' your key in a wrapper that was "issued" by, e.g., Let's Encrypt, and Let's Encrypt just has one job: validate that you own the domain via ACME validation.
That is not how PKI works. Your cert provider does not have a copy of your private key to give out in the first place.
Having the private key of the root cert does not allow you to decrypt traffic either.
They would just compromise wherever your TLS is terminated (if not E2E, which most of the time it is not), but also just taking a memory dump of your VM / hardware to grab the TLS keys and being able to decrypt most future and past traffic is also an option.
It's funny that people still have any expectation of privacy when using a VM hosted at a place like AWS or Azure... They're giving any and every last bit you have, if the right people ask.
It isn't just AWS though. You could say exactly the same about DigitalOcean or Linode.
Even if you have your own rack at a colocation, you could argue that if you don't have full disk encryption someone could simply copy your disk.
I am just trying to be practical. If someone is intent on reading what users specifically send me, they can probably find bad hygiene on my part and get it but my concern is they should not be able to do this wholesale at scale for everyone.
Actually, even the CTO of AWS couldn't hijack an abusive VM server because legal did not allow them to, but when the government is asking, I guess that all flies out of the window.
That's why I self host.
Yes, unless you pinned the public key.
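The point made in the thread that the private key never leaves the server, and the public-key pin mentioned in the last comment, can be checked locally with the openssl CLI. This is an added example, not code posted by anyone in the thread; the hostname `example.test`, the stand-in CA and all keys are constructed for illustration, and `spki_pin` and `holds_private_key` are hypothetical helper names.

```shell
#!/bin/sh
# Added example. Hostname, CA name and all keys are constructed for illustration.
set -eu
workdir=$(mktemp -d)
trap 'rm -rf "$workdir"' EXIT
cd "$workdir"

# SPKI pin = base64(SHA-256(DER SubjectPublicKeyInfo)); PEM public key on stdin.
spki_pin() {
    openssl pkey -pubin -outform DER | openssl dgst -sha256 -binary | openssl enc -base64
}

# Succeeds only if the file parses as a private key.
holds_private_key() {
    openssl pkey -in "$1" -noout >/dev/null 2>&1
}

# 1. Subscriber side: the key pair is generated locally; key.pem stays on this host.
openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:P-256 -out key.pem 2>/dev/null
# 2. The CSR is the only file handed to the CA.
openssl req -new -key key.pem -subj "/CN=example.test" -out csr.pem

# 3. CA side (constructed stand-in CA): it signs with its own key, given csr.pem only.
openssl req -x509 -newkey rsa:2048 -nodes -keyout ca.key \
    -subj "/CN=Constructed Test CA" -days 1 -out ca.pem 2>/dev/null
openssl x509 -req -in csr.pem -CA ca.pem -CAkey ca.key -CAcreateserial \
    -days 1 -out cert.pem 2>/dev/null

# 4. The same public key, and so the same pin, appears in key, CSR and issued cert.
pin_key=$(openssl pkey -in key.pem -pubout | spki_pin)
pin_csr=$(openssl req -in csr.pem -noout -pubkey | spki_pin)
pin_cert=$(openssl x509 -in cert.pem -noout -pubkey | spki_pin)

echo "pin from private key : $pin_key"
echo "pin from CSR         : $pin_csr"
echo "pin from issued cert : $pin_cert"

# 5. What the CA received contains no private key material.
if holds_private_key csr.pem; then
    echo "CSR unexpectedly parses as a private key" >&2
    exit 1
fi
echo "csr.pem carries the public key only"
```

A client that stores the pin compares it against the value computed from the certificate the server presents; a certificate issued for a different key pair produces a different pin.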