
This is great. If a state-funded threat is in your network, in a position to place a certificate on a server, do you think your self-signed certificate will protect you?



Think of it as a cost and effort threshold. Prevents the dragnet / fishing methods from eavesdropping. It's trivial to force $Company to let you in with a letter. The effort to break encryption is not trivial. You have to be doing something wrong to get specific attention.


I mean, if you use cert pinning with a public CA you get the same results, aka you can easily spot MITM. I am generally not a big fan of private CAs.



