|
|
|
|
|
|
by manquer
2208 days ago
|
|
|
This is well known issue since Ken Thompson’s trusting trust paper and not what am I getting at it It is degrees of trust . Trust is not absolute , neither is security . Depending on your threat models you have to secure yourself. More transparency improves security does not solve all the problems just makes it costlier for an attacker . If cost outweighs the benefit they will not attempt to do it. Https does not magically make your communication 100% secure ,however the number of people who can issue a certificate from a comprised root CA or control one is considerably less than the number of people who can monitor your plain text traffic . |
|
|