this post was submitted on 29 Jul 2025
[–] far_university1990@reddthat.com 5 points 2 weeks ago (1 children)

Man in the middle:

You <-cert for x sign by ca-> x

You <-cert for x sign by ca (fake, gov control)-> gov.spy <-cert for x sign by ca-> x (optional)

To x look like gov.spy is you, gov.spy like proxy. And gov.spy can try force your device connect to gov.spy instead x (DNS poison, ISP force IP redirect, ...). Will look like x (domain resolve to gov.spy IP, but cannot know), have valid cert for x, trusted.

[–] hildegarde@lemmy.blahaj.zone 2 points 2 weeks ago (1 children)

For that, the government needs to be in the middle of the communication channel. That would take a lot more than just replacing the key on the keyserver.

[–] far_university1990@reddthat.com 4 points 2 weeks ago

> And gov.spy can try force your device connect to gov.spy instead x (DNS poison, ISP force IP redirect, ...).

Internet rely on DNS and IP. CA only relevant for internet communication. Take more, but not much more.
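Added example, not part of any comment in the thread: a small model of why the interception described above passes ordinary CA validation, and how a client that also pins the server's public key (base64 of SHA-256 over the SubjectPublicKeyInfo, the pin form defined for HPKP in RFC 7469) detects it. The host name, CA names and key bytes are constructed, and signature verification is simplified to "issuer is in the trust store".

```python
import base64
import hashlib
from dataclasses import dataclass

# DER header of an Ed25519 SubjectPublicKeyInfo; the 32-byte public key follows it.
ED25519_SPKI_PREFIX = bytes.fromhex("302a300506032b6570032100")


@dataclass(frozen=True)
class Cert:
    subject: str     # host name the certificate was issued for
    issuer: str      # CA that signed it
    spki_der: bytes  # SubjectPublicKeyInfo of the key the presenting server holds


def spki_pin(spki_der: bytes) -> str:
    """Base64 of SHA-256 over the SPKI: identifies the key, not the issuing CA."""
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode()


def ca_check(cert: Cert, host: str, trust_store: set) -> bool:
    """Default client decision: right name, signed by ANY CA in the trust store."""
    return cert.subject == host and cert.issuer in trust_store


def pinned_check(cert: Cert, host: str, trust_store: set, pins: dict) -> bool:
    """CA check plus: the presented key must be one recorded earlier for this host."""
    return ca_check(cert, host, trust_store) and spki_pin(cert.spki_der) in pins.get(host, set())


# Constructed sample data (hypothetical names, arbitrary key bytes).
HOST = "x.example"
TRUST_STORE = {"Honest CA", "Gov CA"}  # both CAs are trusted by the device
REAL = Cert(HOST, "Honest CA", ED25519_SPKI_PREFIX + bytes(range(32)))
FAKE = Cert(HOST, "Gov CA", ED25519_SPKI_PREFIX + bytes(range(32, 64)))
PINS = {HOST: {spki_pin(REAL.spki_der)}}  # recorded over a known-good path


def evaluate(cert: Cert) -> tuple:
    """Return (passes CA validation, passes CA validation + pin)."""
    return (ca_check(cert, HOST, TRUST_STORE),
            pinned_check(cert, HOST, TRUST_STORE, PINS))


if __name__ == "__main__":
    print("real server:", evaluate(REAL))
    print("interceptor:", evaluate(FAKE))
```

The interceptor's certificate has the right name and a trusted issuer, so only the key comparison separates it from the real one.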