The whole encrypted internet relies on a chain of trust for certs, and the public keys are already publicly available for every client to validate a server's keys and generate a NEW session encryption key (handshake). Looks like this project is essentially the same as running a MITM on yourself. It's intended to be set up on your own server, so you can generate and install your own certs to re-encrypt all traffic between YOUR server and client (i.e. you take ownership of the last leg in the chain of trust between your server and client). The website simply views your server as the only terminating client. This is why it's recommended to use a client VPN on gateways you don't own, as MITM software can be added to any server to operate the same way (though they need to obtain the private keys of certs your browser already trusts, or silently install new ones to prevent your clients from alerting you).