Good progress by @trailofbits on resolving the MITM threat model gap in algo VPN. http://bit.ly/2iuRPNb
It's only needed to gen certs for new users. Today: if you don't use that feature, then it'll never be decrypted and exposed.
that's what I thought re being used for user creation. I'd say having a compromised root CA is worse than someone controlling VPS
bad CA means non-pinned certs can now be faked. Arguably you shouldn't trust your VPS too much anyway since 3rd party controls it
But you do trust your VPS, it serves all your traffic through the VPN. It's an easy hop from VPS to Desktop RCE even w/o HTTPS.
agree completely. That applied to any VPN software you use though. The CA issue was unexpected. Glad to see it being addressed.
However this distracts from my point. Protecting the CA key is useful but if an attacker 0wns your VPS you have bigger problems.