this post was submitted on 18 Oct 2023
9 points (84.6% liked)
Certificates and four-way handshakes.
The handshake is done in a way that nobody could intercept it. Both parties have undisclosed secrets.
The certificate is signed by a trusted authority, which can be verified with a certificate from the authority who signed it. Nothing can be forged without private keys, which are never transmitted.
My company uses a proxy which breaks end-to-end encryption and intercepts/forwards everything without either end party being aware. This is done by manually installing an authority certificate on every client in the office, and the server dishes out forged certificates for every connection. The clients explicitly trust the forgery.
This is why I prefer to work from home, with a personal PC next to me on my own network. I refuse to browse the web on company hardware.
Oooh that makes a lot of sense, thanks and thanks everyone. So HTTPS can't be used for peer to peer, you need a server with a certificate from a trusted authority...
Right. You'll get a warning otherwise. If you're setting up a lab for yourself, though, you can set up your own trusted authority and use that to issue certificates and it ends up very much like within your lab.
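The lab setup mentioned in the last comment, and the trust-store point from the first one, as an added example that is not part of the original thread: two private root CAs each issue a certificate for the same hostname, and the script reports which ones a client accepts depending on which roots it trusts. It assumes the `openssl` command-line tool is installed; the CA names, file prefixes and `server.lab.example` are constructed for the demo.

```shell
#!/usr/bin/env bash
# Added example: two private CAs, one hostname, and what a client accepts.
# All names (lab, other, server.lab.example) are constructed for the demo.

write_cnf() {  # $1 = file prefix, $2 = subject common name
  printf '%s\n' '[req]' 'distinguished_name=dn' 'x509_extensions=v3_ca' \
    'prompt=no' '[dn]' "CN=$2" '[v3_ca]' \
    'basicConstraints=critical,CA:TRUE' \
    'keyUsage=critical,keyCertSign,cRLSign' > "$1.cnf"
}

make_ca() {  # self-signed root; holding its private key is what makes it a CA
  write_cnf "$1" "$2"
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -config "$1.cnf" \
    -keyout "$1.key" -out "$1.crt" 2>/dev/null
}

issue() {  # $1 = CA prefix, $2 = output prefix, $3 = DNS name to certify
  write_cnf "$2" "$3"
  printf 'basicConstraints=CA:FALSE\nsubjectAltName=DNS:%s\n' "$3" > "$2.ext"
  openssl req -new -newkey rsa:2048 -nodes -config "$2.cnf" \
    -keyout "$2.key" -out "$2.csr" 2>/dev/null &&
  openssl x509 -req -in "$2.csr" -CA "$1.crt" -CAkey "$1.key" \
    -CAcreateserial -days 30 -extfile "$2.ext" -out "$2.crt" 2>/dev/null
}

accepts() {  # $1 = CA bundle the client trusts, $2 = certificate presented
  openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$' \
    && echo accept || echo reject
}

lab_ca_demo() {
  local dir; dir=$(mktemp -d) || return 1
  ( cd "$dir" || exit 1
    make_ca lab "Lab Root CA" && make_ca other "Other Root CA" || exit 1
    issue lab real server.lab.example || exit 1         # cert from the lab CA
    issue other lookalike server.lab.example || exit 1  # same name, other CA
    cat lab.crt other.crt > both.pem   # client with both roots installed
    echo "trusts-lab-only   real=$(accepts lab.crt real.crt) lookalike=$(accepts lab.crt lookalike.crt)"
    echo "trusts-both-roots real=$(accepts both.pem real.crt) lookalike=$(accepts both.pem lookalike.crt)"
    echo "no-lab-root       real=$(accepts other.crt real.crt)"
  )
  local rc=$?; rm -rf "$dir"; return $rc
}

lab_ca_demo
```

The second certificate is accepted only by the client that has the second root installed; running `openssl x509 -noout -issuer -in <cert>` on a presented certificate shows which root signed it.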