by joshtalon
5228 days ago
> This reduces the MITM to the initial handshake. Mostly. No matter how much you trim your certificate chain, there's nothing preventing Google/your bank/Amazon/etc from sharing their private key with, say, Uncle Sam. However, the backdoor admin access that the gov't gets to sites like TwitterFace and Gmail probably makes that a pointless effort. Confidentiality/Authenticity are pretty much impossible to guarantee unless you control everything on both ends.

I mean yes, if you're paranoid enough you probably should build an underground bunker in the mountains and grow your food, but objectively there is a huge security difference between whatever shenanigans a trusted partner may be up to and a large body of auto-trusted with potentially leakable-to-who-knows-where subcerts.