Comment on How to selfhost with a VPN
Laser@feddit.org 3 weeks agoLet’s Encrypt are rolling out IP-based certs, you may wanna follow its development. I’m not sure if it could be used for your forwarded VPN port, but it’d be nice anyhow
It shouldn’t be because you’re not actually the owner of the IP address. If any user could get a cert, they could impersonate any other.
I believe encryption helps prevent tampering the data between the server and user too. It should prevent for example, someone MITM the connection and injecting malicious content that tells the user to download malware
No, encryption only protects the confidentiality of data. You need message authentication codes or authenticated encryption to make sure the message hasn’t been transported with. Especially stream ciphers like ChaCha (but also AES in counter mode) are susceptible to malleability attacks, which are super simple yet very dangerous.
It shouldn’t be because you’re not actually the owner of the IP address. If any user could get a cert, they could impersonate any other.
They’re ‘shortlived’ 7 day certs, verified using a HTTP challenge. It doesn’t matter who owns the IP, it’s just a matter of who holds the IP.
Right, and for the challenge, you need to have access to a privileged port (which usually implies ownership), which you won’t get assigned.
Ah right, completely forgot about that (80 for HTTP-01, 443 for TLS-ALPN-01)
frezik@lemmy.blahaj.zone 3 weeks ago
Public key crypto, properly implemented, does prevent MITM attacks. TLS does do this, and that’s all that matters here
Laser@feddit.org 3 weeks ago
It does, but modern public key crypto doesn’t encrypt any client data (RSA key exchange was the only one to my knowledge). It also only verifies the certificates, and the topic was about payload data (i.e. the site you want to view), which asymmetric crypto doesn’t deal with for performance reasons.
My post was not about “does TLS prevent undetected data manipulation” (it does), but rather if it’s the encryption that is responsible for it (it’s not unless you put AES-GCM into that umbrella term).
frezik@lemmy.blahaj.zone 3 weeks ago
Client data absolutely is encrypted in TLS. You might be thinking of a few fields sent in the clear, like SNI, but generally, it’s all encrypted.
Asymmetric crypto is used to encrypt a symmetric key, which is used for encrypting everything else (for the performance reasons you mentioned). As long as that key was transferred securely and uses a good mode like CBC, an attacker ain’t messing with what’s in there.
I think you’re confusing the limitations of each building block with how they’re actually implemented together in TLS. The whole suite together is what matters for this thread.
Laser@feddit.org 3 weeks ago
I never said it isn’t, but it’s done using symmetric crypto, not public key (asymmetric) crypto.
Not anymore, this was only true for RSA key exchange, which was deprecated in TLS 1.2 (“Clients MUST NOT offer and servers MUST NOT select RSA cipher suites”). All current suites use ephemeral Diffie-Hellman over elliptic curves for key agreement (also called key exchange, but I find the term somewhat misleading).
First, CBC isn’t a good mode for multiple reasons, one being performance on the encrypting side, but the other one being the exact reason you’re taking about: it is in fact malleable and as such insecure without authentication (though you can use a CMAC, as long as you use a different key). See pdf-insecurity.org/…/cbc-malleability.html for over example where this exact property is exploited (“Any document format using CBC for encryption is potentially vulnerable to CBC gadgets if a known plaintext is a given, and no integrity protection is applied to the ciphertext.”)
As I wrote in my comment, I was a bit pedantic, because what was stated was that encryption protects the authenticity, and I explained that, while TLS protects all aspects of data security, it’s encryption doesn’t cover the authenticity.
Anyhow, the point is rather moot because I’m pretty sure they won’t get a certificate for the IP anyways.