Subj : tailscale ..impressive
To   : Digital Man
From : Phigan
Date : Sun Jun 04 2023 04:40 pm

 Re: tailscale ..impressive
 By: Digital Man to Phigan on Sun Jun 04 2023 01:39 pm

> https://security.stackexchange.com/questions/119551/are-there-master-keys-th
> at-can-be-used-to-generate-valid-ssl-keys

That link doesn't really contradict anything I'm saying :)

For a certificate or key pair to be "valid" you just have to trust the authority that signed it/them. We call SSL certificates used for websites and things as "valid" because they have been signed by one of the certificate authorities that we all have stored in our operating systems and browsers, the ones we trust. It's technically possible for any of them to have master keys to the certificates they generate and sign, but as the response in the link says, it's highly unlikely they would go using those willy nilly.

Other applications, especially those where the client and the server are proprietary, don't have to follow any rules about trusted authorities. The same company could write the client and server, generate and sign the certificates, and promise you end to end encryption. You have no guarantee that there isn't a master key. Even when the client and server are open source, the certificate signing stuff often isn't.

---
� Synchronet � TIRED of waiting 2 hours for a taco? GO TO TACOPRONTO.bbs.io

You are viewing proxied material from bbs.kd3.us. The copyright of proxied material belongs to its original authors. Any comments or complaints in relation to proxied material should be directed to the original authors of the content concerned. Please see the disclaimer for more details.