[gopher] Tor for Gopher

Bradley D. Thornton Bradley at NorthTech.US
Wed Mar 1 20:43:40 UTC 2017



On 3/1/2017 1:34 AM, Mateusz Viste wrote:
> It would seem you are contradicting yourself. If SSL is not able to
> guarantee "who am I talking to", then the whole encryption point is moot.
> Doing a MITM on SSL is easy if you disregard the CA part of the scheme -
> myself, I did it many times (for good reasons!). It's as trivial as
> setting up an SSL proxy with a fake CA. Yes, encryption is there, between
> the client and my proxy. Then, it may also be present between my proxy
> and the destination server, but on the proxy itself I can comfortably
> dump your credit card number.
>
> Shortly said, if we assume that the entire CA business is worthless, then
> so is SSL.

Um... No, I don't think I did say anything contradictory - at least not
with respect to your point above, which, by the way, Mateusz, is spot on.
I just didn't come right out and say what you just did :)

And I concur with what Kim said too here:

<snip>

Funny you should say that - I've always held the opinion that SSL/TLS is completely worthless the way it's currently implemented. Just think about it - what if you had to prove your identity to some foreign company and pay a yearly payment just to set up an SSH server?


</snip>

I think my point was that the extortion scheme, as a result of LE, is 
crumbling, because they never assured the user of anything really 
substantial in the first place and were profiting on FUD (FUD, as coined 
by Dr. Amdahl).

Kindest regards,

Bradley

