by jlgaddis
3518 days ago
@wsx: I'm not sure exactly where you think the problem lies. If you install a root CA certificate, yes, whoever has the private key can potentially intercept traffic. If you install a root CA certificate, yes, your machine will trust any certificates that it signs. That is the whole point. If you don't trust it, don't install it! This is all BY DESIGN, so I'm not surprised that Microsoft was so dismissive.
If you just install the key of your VPN service, to avoid spoofing of that VPN, you also expose yourself to another problem: the risk of a stolen private key. That can be used to sniff you everywhere: VPN, HTTPS, etc.
In the case of Linux, if someone stole my private key of the VPN, my only problem is the VPN, not the whole architecture, because the attacker can only use that private key to spoof my VPN service.
About the sentence "If you install a root CA certificate, yes, your machine will trust any certificates that it signs." Not on Linux.