|
|
|
|
|
|
by Bender
95 days ago
|
|
|
TLS intercepts harder to execute without going unnoticed. I would expect the opposite. Certs and their fingerprints changing every few days would numb people to TLS changes. MitM would only get noticed if the expected cert is presented at the application layer which is a thing in jabber from your link above, IF it is enabled which it was not and why that MitM went unnoticed for so long. LetsEncrypt is just a DV cert so a cert being issued by other org for the same domain would not raise eyebrows at all. AFAIK no other web daemons in wide use support things like OMEMO/SSL SCRAM though it would be awesome if everyone was hosting their own jabber instances. In a semi-private forum the fingerprint can be in a pinned comment along with the curl command for members to fetch it but that would have to be updated every few days and someone would have to bother to verify it each time. Doing this weekly could lead to fatigue. |
|
|