this post was submitted on 18 Oct 2023
17 points (90.5% liked)
Programming
17537 readers
129 users here now
Welcome to the main community in programming.dev! Feel free to post anything relating to programming here!
Cross posting is strongly encouraged in the instance. If you feel your post or another person's post makes sense in another community cross post into it.
Hope you enjoy the instance!
Rules
Rules
- Follow the programming.dev instance rules
- Keep content related to programming in some way
- If you're posting long videos try to add in some form of tldr for those who don't want to watch videos
Wormhole
Follow the wormhole through a path of communities [email protected]
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Certificates and four-way handshakes.
The handshake is done in a way that nobody could intercept it. Both parties have undisclosed secrets.
The certificate is signed by a trusted authority, which can be verified with a certificate from the authority who signed it. Nothing can be forged without private keys, which are never transmitted.
My company uses a proxy which breaks end-to-end encryption and intercepts/forwards everything without either end party being aware. This is done by manually installing an authority certificate on every client in the office, and the server dishes out forged certificates for every connection. The clients explicitly trust the forgery.
This is why I prefer to work from home, with a personal PC next to me on my own network. I refuse to browse the web on company hardware.
There are tools that you can use to scan whether there are no root certificates (from your company) are injected into your certificate store, if that's what you're concerned about.
But yea, even if I get company hardware, I still just do a clean OS install