Encrypting all the secrets in addition to using HTTPS is not a bad idea. Middleboxes terminating or intercepting HTTPS are omnipresent.
-
-
Replying to @jedisct1
If we could figure out how to do that wouldn't we have solved the non-e2e-ness of this without encryption-within-encryption?
1 reply 0 retweets 0 likes -
Replying to @puffyvolvo
Trivial encryption within MITIM’d encryption would mitigate the implications of accidental leaks.
1 reply 0 retweets 0 likes -
Replying to @jedisct1
TLS needs to be more aware of MITMs, from AV filters and free wifi captive portals to CDNs/reverse proxies Easier said than done
1 reply 0 retweets 0 likes
Replying to @puffyvolvo
Easier said than done, indeed :/ Especially when users install additional root CAs (ex: https://sk.tl/3n7mJ9K4 )
3:44 PM - 23 Feb 2017
0 replies
0 retweets
0 likes
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.