Dear Mary,
Am 22.10.23 um 11:48 schrieb Mary via mailop:
from what I understand, this is a government issued wiretapping
against that specific services/servers (hosted by Hetzner and Linode
in Germany?) and not a general TLS exploit.
so nothing interesting or unique.
It was interesting and surprising to me, as the common perception is,
that SSL certificates protect against MiTM attacks as it should provide
authenticity.
And it is interesting to think about, how to protect better against this
kind of attack.
Hugo Landau wrote down some ideas in *Mitigating the Hetzner/Linode
XMPP.ru MitM interception incident* [1].
Would DANE have prevented the MiTM attack under the assumption, that
DNSSEC works and is not compromised in your setup?
Kind regards,
Paul
[1]: https://www.devever.net/~hl/xmpp-incident
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop