• LeninWeave [none/use name]
    3 years ago

    Yeah, but ideally we'd have our DDoS protection done by someone other than the issuer of our certificate, so that they can't trivially decrypt and log any traffic.

    Edit: https://hexbear.net/post/127316

    Looks like there are plans to switch certificate providers.

    • activated [he/him]
      3 years ago

      They can't trivially decrypt and log the traffic if any cipher suite with forward secrecy is used. ECDHE is a good example.

      • LeninWeave [none/use name]
        3 years ago

        They can and do trivially decrypt the traffic. The CF certificate is used only between the client and CF's servers, which decrypt the data.
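The two replies above disagree about what forward secrecy buys you when the DDoS provider terminates TLS. The following toy model is an added illustration, not code from the thread or from any provider: it uses a deliberately tiny finite-field Diffie-Hellman group and an XOR stream cipher (both constructed, not real TLS primitives) to show that ephemeral key agreement stops a passive recorder who only holds the long-term certificate key, while the edge that terminates the connection recovers the plaintext as a matter of course.

```python
import hashlib
import secrets

# Toy finite-field Diffie-Hellman group (2**127 - 1 is prime); constructed for
# illustration only and far too small for real use. Real TLS uses ECDHE curves.
P = 2**127 - 1
G = 2


def dh_keypair():
    """Ephemeral exponent and public value, fresh per connection (ECDHE's property)."""
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)


def session_key(peer_pub, own_priv):
    """Both endpoints derive the same key from the shared DH secret."""
    shared = pow(peer_pub, own_priv, P)
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()


def xor_stream(key, data):
    """Toy stream cipher: XOR with a SHA-256 keystream. Symmetric, so it also decrypts."""
    out = bytearray()
    for i, b in enumerate(data):
        block = hashlib.sha256(key + (i // 32).to_bytes(4, "big")).digest()
        out.append(b ^ block[i % 32])
    return bytes(out)


def model_cdn_connection(plaintext):
    """Client talks to the CDN edge that holds the site's certificate.

    Returns (what the terminating edge recovers, what a passive recorder holding
    only the long-term certificate key recovers). The certificate key authenticates
    edge_pub; it never enters the session key derivation.
    """
    client_priv, client_pub = dh_keypair()
    edge_priv, edge_pub = dh_keypair()
    # On the wire: the two public values and the ciphertext.
    ciphertext = xor_stream(session_key(edge_pub, client_priv), plaintext)
    # The edge is an endpoint: it holds edge_priv and simply decrypts.
    edge_view = xor_stream(session_key(client_pub, edge_priv), ciphertext)
    # A recorder without either ephemeral exponent cannot derive the key from the
    # public values alone (forward secrecy); its best guess is just wrong.
    wrong_key = hashlib.sha256((client_pub * edge_pub % P).to_bytes(16, "big")).digest()
    recorder_view = xor_stream(wrong_key, ciphertext)
    return edge_view, recorder_view
```

The point the model makes is the one in the last reply: forward secrecy is a property of the hop between the client and whoever terminates TLS, so it says nothing about what that terminating party can log.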