“End to End Encryption” is just marketing without a significant and deliberate tampering detection mechanism.
Examples include secretly swapping out a certificate/key for an identity to middlemen, private key leakage, changes in code to specific safety checks or tampering protection mechanisms, or changes in forward secrecy pre-generated keys, etc.
It would be nice if we had a way to better detect these types of changes and make it very obvious to the identity, as they happen and as part of updates. It would be nice to have a trusted host OS that could help validate.
Replies (7)
Nice*
🐶🐾🫡 https://en.m.wikipedia.org/wiki/HTTP_Strict_Transport_Security
Pin the certificate. And there are many other ways to overcome mitm attacks, take a look at IPsec and various key exchange mechanisms it has🐶🐾🫡
Not talking strictly HTTPS. Even so, when have you been directly notified by an app when they updated their pinned certificate? Or even having visibility to a currently pinned certificate and its expiry?
It’s not even the key exchange security - that’s largely solved. It’s the swap out and zero-visibility attacks.
I’m largely targeting WhatsApp, Apple iMessages and FaceTime, and whatever large corps constantly use a few buzz words that are literally meaningless.
I hope we can do better on Nostr, once key rotation is more mature. We need greater transparency around security related changes. I’m unsure how to include them outside of the app itself - which shouldn’t be trusted.
And just to clarify... you’d need the pinned certificate key/fingerprint - its expiry is not enough to detect a change.
Oh, if you are talking about big boys, you should have named them. Don’t expect any privacy there, that goes without saying. HSTS actually works if you are afraid of mitm. DNSSEC has to be used too and your resolver has to be someone you trust and over secure channel. 🐶🐾🫡
My issue is they make the devices and OS. And I’m not sure we should (read: please don’t) trust apps directly, to be honest, as they are a target vector.
External signing devices are great. What’s missing is a layer perhaps where the external signing device says, “hey, your last message to Dave was to pubkey X, it’s now Y” or similar - however I favour dumb signing devices.
A trusted OS would be ideal to perhaps have this security layer to keep/compare state and make it obvious/transparent - it’s just painful that we can’t trust the OS.
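An added example (not from anyone in this thread) of the “your last message to Dave was to pubkey X, it’s now Y” check described above: a small pin store that records the key fingerprint seen for each identity and flags any change. To tell a planned rotation from a silent swap it assumes one illustrative convention, that the current key pre-announces a SHA-256 commitment to its successor; the identity name and key bytes are constructed sample values.

```python
import hashlib
from dataclasses import dataclass
from typing import Dict, List, Optional


def fingerprint(pubkey: bytes) -> str:
    """Short, displayable fingerprint of a public key (first 16 hex chars of SHA-256)."""
    return hashlib.sha256(pubkey).hexdigest()[:16]


@dataclass
class PinEntry:
    fingerprint: str
    # Assumed convention: hex SHA-256 of the successor key, announced while the current key is still trusted.
    next_commitment: Optional[str]


class KeyPinStore:
    """Trust-on-first-use pin store that makes key changes visible instead of silent."""

    def __init__(self) -> None:
        self.pins: Dict[str, PinEntry] = {}
        self.alerts: List[str] = []  # human-readable alerts the signing layer would surface

    def observe(self, identity: str, pubkey: bytes, next_commitment: Optional[str] = None) -> str:
        fp = fingerprint(pubkey)
        entry = self.pins.get(identity)
        if entry is None:                       # never seen this identity: pin it
            self.pins[identity] = PinEntry(fp, next_commitment)
            return "first_seen"
        if entry.fingerprint == fp:             # same key as last time
            if next_commitment:                 # only the currently pinned key may announce a successor
                entry.next_commitment = next_commitment
            return "unchanged"
        # Key differs from the pin: accept only if it matches the pre-announced successor.
        if entry.next_commitment and hashlib.sha256(pubkey).hexdigest() == entry.next_commitment:
            self.pins[identity] = PinEntry(fp, next_commitment)
            return "rotated"
        self.alerts.append(f"{identity}: key changed without announced rotation: {entry.fingerprint} -> {fp}")
        return "changed_unverified"


def run_demo() -> List[str]:
    """Constructed sequence: pin key A, see A again, planned rotation to B, then a silent swap to C."""
    key_a, key_b, key_c = b"dave-key-A", b"dave-key-B", b"dave-key-C"
    store = KeyPinStore()
    commit_b = hashlib.sha256(key_b).hexdigest()
    return [
        store.observe("dave", key_a, next_commitment=commit_b),
        store.observe("dave", key_a),
        store.observe("dave", key_b),      # matches the commitment: planned rotation
        store.observe("dave", key_c),      # no commitment: flagged, alert recorded
    ]
```

The fourth observation is the case the thread is about: the key changed and nothing in the protocol announced it, so the store raises an alert rather than silently continuing.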
Just came across MLS 🐶🐾🫡
https://blog.phnx.im/rfc-9420-mls/