Comment on How to selfhost with a VPN

<- View Parent
Laser@feddit.org ⁨1⁩ ⁨day⁩ ago

Let’s Encrypt are rolling out IP-based certs, you may wanna follow its development. I’m not sure if it could be used for your forwarded VPN port, but it’d be nice anyhow

It shouldn’t be because you’re not actually the owner of the IP address. If any user could get a cert, they could impersonate any other.

I believe encryption helps prevent tampering the data between the server and user too. It should prevent for example, someone MITM the connection and injecting malicious content that tells the user to download malware

No, encryption only protects the confidentiality of data. You need message authentication codes or authenticated encryption to make sure the message hasn’t been transported with. Especially stream ciphers like ChaCha (but also AES in counter mode) are susceptible to malleability attacks, which are super simple yet very dangerous.

source
Sort:hotnewtop