vagabond

joined 1 year ago
vagabond@lemmy.dbzer0.com 5 points 10 months ago* (last edited 10 months ago)

When a website uses HTTPS they have a certificate that proves who they are. Your device uses that certificate to encrypt your data so that only that service can decrypt it. The issue is that it's just a file and anyone can make one. So to determine whether I trust your certificate I need it to be cryptographically signed by someone I already trust. These are the certificate authorities.

If I was a certificate authority that your device trusts then I could create a certificate for any domain and your device would believe me. Meaning I could sit between you and any web service and have you encrypt things with my certificate in a way that lets me decrypt everything before forwarding it to the service and you would never know.
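The trust relationship described in the comment above, shown with the `openssl` CLI. This is an added example and not part of the original comment; the CA names, `shop.example`, and the helper functions are constructed for illustration. It shows that a certificate for the same name is accepted as soon as its issuer is in the trust file, and that comparing the public-key fingerprint against a known value (pinning) reveals the swap.

```shell
#!/usr/bin/env bash
# Constructed demo: ca_a, ca_b and shop.example are made-up names.
set -eu
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# make_ca NAME: create a self-signed root CA (key + certificate)
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=$1" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

# issue CA LEAF DOMAIN: have CA sign a certificate for DOMAIN
issue() {
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
    -keyout "$WORK/$2.key" -out "$WORK/$2.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/$2.csr" -CA "$WORK/$1.pem" \
    -CAkey "$WORK/$1.key" -CAcreateserial -days 1 \
    -out "$WORK/$2.pem" 2>/dev/null
}

# trusted CAFILE LEAF: print yes/no for chain validation against CAFILE
trusted() {
  if openssl verify -CAfile "$WORK/$1" "$WORK/$2.pem" >/dev/null 2>&1
  then echo yes; else echo no; fi
}

# key_pin LEAF: SHA-256 fingerprint of the certificate's public key
key_pin() {
  openssl x509 -in "$WORK/$1.pem" -noout -pubkey |
    openssl pkey -pubin -outform DER |
    openssl dgst -sha256 -r | cut -d' ' -f1
}

make_ca ca_a
make_ca ca_b
issue ca_a site_a shop.example   # certificate the site operator obtained
issue ca_b site_b shop.example   # same name, issued by a different CA
cat "$WORK/ca_a.pem" "$WORK/ca_b.pem" > "$WORK/both.pem"
PIN=$(key_pin site_a)            # fingerprint recorded from the real cert

echo "trust A only : A-issued=$(trusted ca_a.pem site_a) B-issued=$(trusted ca_a.pem site_b)"
echo "trust A and B: A-issued=$(trusted both.pem site_a) B-issued=$(trusted both.pem site_b)"
if [ "$(key_pin site_b)" = "$PIN" ]; then echo "pin: match"; else echo "pin: MISMATCH"; fi
```

Chain validation alone cannot tell the two certificates apart once both issuers are trusted; only the pin comparison distinguishes them.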

In this vein, you should try the food you are given before seasoning, adding salt, or covering it in sauce.