| ▲ | mcny 2 days ago |
| Let's say I have a public website with https. I allow anyone to post a message to an api endpoint. Could a server like this read the message? How? |
|
| ▲ | skirmish a day ago | parent | next [-] |
| They may not be able to decrypt it now, but it is well known that most of encrypted Internet traffic is permanently stored in NSA data centers [1] with hopes of decrypting it soon once quantum computing can do it. [1] https://en.wikipedia.org/wiki/Utah_Data_Center |
| |
| ▲ | JasonADrury 5 hours ago | parent [-] |
| > but it is well known that most of encrypted Internet traffic is permanently stored in NSA data centers |
| It's "well known"? News to me. I doubt the NSA has storage space for even 1 year's worth of "most of encrypted Internet traffic", much less for permanently storing it. |
|
|
| ▲ | tw04 2 days ago | parent | prev | next [-] |
| They have a relationship with your cert provider and get a copy of your cert or the root so they can decrypt the traffic. |
| |
| ▲ | mcny 2 days ago | parent | next [-] | | I thought the whole point of the ACME client was that the private key never leaves my server to go to Let's Encrypt servers. Now yes, if I am using Cloudflare Tunnel, I understand the TLS terminates at Cloudflare and they can share with anyone but still it has to be a targeted operation, right? It isn't like Cloudflare would simply share all the keys to the kingdom? | | |
| ▲ | notpushkin 2 days ago | parent [-] | | Yes. They could issue their own certificates, but we have CT to mitigate that, too. |
| |
| ▲ | kachapopopow 2 days ago | parent | prev | next [-] | | no, the private keys are yours - the root CA just 'signs' your key in a wrapper that it was "issued" by ex: Let's Encrypt, and Let's Encrypt just has one job: validate that you own the domain via ACME validation. | |
| ▲ | scq 2 days ago | parent | prev [-] | | That is not how PKI works. Your cert provider does not have a copy of your private key to give out in the first place. Having the private key of the root cert does not allow you to decrypt traffic either. |
|
|
| ▲ | kachapopopow 2 days ago | parent | prev | next [-] |
| they would just compromise wherever your TLS is terminated (if not E2E which most of the time it is not), but also just taking a memory dump of your VM / hardware to grab the TLS keys and being able to decrypt most future and past traffic is also an option. |
| |
| ▲ | coliveira 2 days ago | parent [-] | | It's funny that people still have any expectation of privacy when using a VM hosted at a place like AWS or Azure... They're giving any and every last bit you have, if the right people ask. | | |
| ▲ | mcny 2 days ago | parent | next [-] | | It isn't just AWS though. You could say exactly the same about DigitalOcean or Linode. Even if you have your own rack at a colocation, you could argue that if you don't have full disk encryption someone could simply copy your disk. I am just trying to be practical. If someone is intent on reading what users specifically send me, they can probably find bad hygiene on my part and get it but my concern is they should not be able to do this wholesale at scale for everyone. | | |
| ▲ | digiown 2 days ago | parent [-] |
| > if you don't have full disk encryption someone could simply copy your disk. |
| You can have full-disk encryption then. It can still possibly be compromised using more advanced methods like cold boot attacks but they are relatively involved, and are very detectable in the form of causing downtime. |
| |
| ▲ | kachapopopow 2 days ago | parent | prev | next [-] | | actually, even the CTO of AWS couldn't hijack an abusive VM server because legal did not allow them to, but when the government is asking it I guess that all flies out of the window. | | |
| ▲ | aftbit a day ago | parent [-] | | Pretty much as you say. Legal exists within a system of laws. Hypothetically these laws might not have a carve-out for "CTO doesn't like the behavior" but they almost certainly do have a carve-out for "national security reasons". You'll pretty much never find a lawyer advising a client to break the law because it would be more ethical to do so. | | |
| ▲ | r_lee a day ago | parent [-] | | who knows how often or what kind of access is/can be given, but we will never know most likely because National Security Letters are almost always accompanied by gag orders |
|
| |
| ▲ | shaky-carrousel a day ago | parent | prev [-] | | That's why I self host. |
|
|
|
| ▲ | z3t4 14 hours ago | parent | prev [-] |
| yes, unless you pinned the public key |