[Cryptography] Severe flaw in WPA2 protocol leaves Wi-Fi traffic open to eavesdropping

Patrick patrick at rayservers.net
Thu Nov 2 11:32:27 EDT 2017

grarpamp wrote on 11/01/2017 07:10 PM:

>> server uses its own certificate authority to
>> lessen the potential for a MITM attack.
> Many mixup rogue CA with MITM.
> Private CA rarely mitigates either since
> a) full stock of public roots usually still installed and active
> b) fingerprints / certs still rarely pinned down
> c) possible MITM's exist at many layers

You're providing a good checklist for VPN vetting.  In my particular
case everything is pinned down and cannot be bypassed.  No other
authorities or certificates are trusted.

-- Patrick

More information about the cryptography mailing list