I'd love to hear a response from @trailofbits about this reported behavior in its new Algo VPN. If true, it strikes me as a deal breaker. https://twitter.com/FiloSottile/status/808355117011521537 …
If you want to do server maintenance, like adding new users, yeah. https://github.com/trailofbits/algo#adding-or-removing-users …
-
Do user endpoints ever talk to each other, or are they always trusting the VPN concentrator?
-
Endpoints aren't talking to each other, only to the concentrator.
-
Maybe we have two roots, one authing server to user, one authing user to server, latter no serverauth, former ephem?
-
All of this requires testing with clients. Not sure how things like iOS will react.
-
hmmm there are people who should actually be on this thread
@rmhrisk @randomoracle
-
But as you suggest, trust anchors can be different between client & server side…
-
And if server-side used LetsEncrypt, there's no need to add random root CA to all clients