top | item 46733099

(no title)

TheCondor | 1 month ago

As someone that has built security applications for most of this century, I can confidently say that when you make security the problem of one device, system, team or entity that it results in insecurity. It might satisfy some auditors but that’s about it.

The most obvious issue is that if any system is compromised, then the attacker can potentially sniff traffic and they are all effectively compromised. The next one, and it’s really key to TLS, is that the app you are proxying probably has an opinion or desired behavior when things can’t be authenticated or are improper. Someone reading you blog and the cert is a day old? Probably not super risky to let them read it. Logging in to the mail server and the keys are bad? You might want the server to just block that.

For like a home lab situation or kind of toy systems? These tools are great, I’ve used stunned more than a few times to hack things together

discuss

No comments yet.