by vel0city 243 days ago
This is why I don't understand this strong desire for security auditors to have centralized TLS decryption be important to having some high security stance. You're just creating a massive single point of failure and potentially massively weakening encryption.
2 comments

> You're just creating a massive single point of failure and potentially massively weakening encryption.

It need not be a single point of failure. You can set these things up with redundancy. There's certainly an element of adding risk, your interception box is a big target to do unauthorized interception or tampering; but there's also an element of reducing risk --- you'd be potentially able to see and respond to traffic that would be opaque otherwise.

> You can set these things up with redundancy

Yes, so instead of one box with the keys to decrypt all the traffic flowing through the network I'll have multiple boxes that have the ability to decrypt all the traffic. Multiple machines to update and secure and guard against those getting attacked or else everything gets broken.

It seems like it's a place where there are some serious tradeoffs. You can choose to have visibility into your network traffic or can choose not to. If you choose yes, you create a single point of failure but have the ability to detect breaches elsewhere; if you choose no, you avoid the single point of failure but make it easier for an attacker to exfiltrate data undetected.
I'm down for endpoints having to report whatever metrics to whatever servers and have their transactions highly audited. I'm down for their connectivity to be highly locked down. It's important to know what's happening on your systems and where data is flowing, I agree!

But in the end, if I want Alice to talk to Bob and know that they and only they are talking, I'd like to guarantee that. Instead companies are spending tons of money and work hours doing Eve's work for her, installing her tools and getting it all nicely configured for when she logs in.

How many times do we have to backdoor our crypto systems to realize we're not building doors for just us but for everyone else as well?