Comment by vintermann

8 hours ago

It's back to the question of how much you should give the benefit of doubt to powerful people who openly lie.

It's just not technically feasible, so there's nothing to lie about. They're not MITMing petabytes/sec across dozens (hundreds?) of companies and they haven't broken TLS1.3.

If I have a box at Digital Ocean and I'm communicating with it with TLS1.3 using a Let's Encrypt cert that I generated, where, exactly, does this magical MITM box come into play?

  • Of course it's feasible; you just intercept the traffic post-decryption on the cloud/server side. You don't control how/where your traffic to 3p cloud services is decrypted.

    • You keep saying this, but it's nonsensical. If I terminate TLS on the box that does processing, there's nothing to intercept.

      And these days (especially post-Snowden), many (most?) companies encrypt data when sending between servers within their own (private network) infrastructure.