
So should we conclude that SSL cert infrastructure is completely compromised and now any country can issue fake certificates?



No, there is no reason to jump to such extremes.


There are approximately 10 Tier-1 ISPs through which the majority of Internet traffic passes, and unless I misunderstood something, they can issue valid certificates for almost any domain. To me it looks like "completely compromised".


Every CA can issue valid certificates for every domain? And it always has been that way.


A CA risks getting its root cert removed from browsers; an ISP doesn't risk anything, especially when asked by the govt.


They risk having their peerings cancelled. Also it might be a crime in some countries.



