17 comments

  • e63f67dd-065b 8 hours ago

    I don't work in networking, but seeing as most traffic is encrypted these days, does passing through unfriendly hardware matter as much as back in the days of plaintext everything? Sure they can drop packets, but they can't tamper/read it, or is there something I'm missing?

    • Aachen 8 hours ago

      Who checks those encryption keys?

      If you direct a CA's traffic through your server, you can answer the HTTP or DNS queries that prove domain ownership. And lots of people click past warnings because an IT disruption isn't a day off if they can work around it

    • cedws 7 hours ago

      Russia could easily “convince” a CA based in their country to do them a favour to facilitate MITM. Or just gather the right kompromat needed to convince one overseas.

  • tilt_error 15 hours ago

    This is an interception scenario, no? If issued intentionally, traffic will pass through hardware in… unfriendly territory.

    • Arnt 11 hours ago

      Yes, but doing it intentionally isn't as simple as one might think. First, BGP generally prefers the shortest path and yours is going to be a little long, so unless the best original path is very long you need on some transit provider to use policy-based routing and trust you as transit. Second, if you want the traffic to pass through your hardware you have to have sufficient bandwidth, otherwise you'll just trigger packet loss and disrupt service (fine if disruption is your goal, not so fine if you want the traffic to pass through your hardware). Third, some people use signed routes, which also complicates your job.

  • LunaSea 15 hours ago

    Episode n°5933 of our regularly scheduled series: "how Internet still depends on terribly naïve and insecure protocols invented 30 years ago".

    • gmuslera 14 hours ago

      There are measures to prevent or at least mitigate that, like RPKI. But having a sensible improvement doesn’t mean that everyone is using it, look at IPv6.

    • Towaway69 15 hours ago

      Those protocols weren’t designed for privacy or financial transactions. Those things have just been kludged on top.

      No one back then designed those protocols for our use cases today.

      Ask rather why we haven’t upgraded all the hardware that supports all those old protocols? So that these protocols could also be updated and modernised.

      • Hikikomori 15 hours ago

        BGP routers are for the most part replaced often as bandwidth requirements continue to increase, that is not the problem here.

    • Hikikomori 15 hours ago

      Much like C.

      • Towaway69 15 hours ago

        We won’t replace electricity but we’ll build on top of it. Electricity is fundamentally the same since ever: copper wires transport it and it flows between two poles.

        That’s a bit what C is - the basis of other languages and for that it works fine. We abstract up the chain of complexity.

        There will always be a fundamental basis for all technology and it will never be perfect. Tesla would have preferred to use DC currents, instead we have AC which is more dangerous.

        • philistine 11 hours ago

          DC was preferred by Edison, not Tesla, which is not more dangerous at all. That was propaganda by Edison to disparage *EDIT:AC current. DC is just as dangerous as AC.

          • Towaway69 11 hours ago

            Thanks for the correction.

            > That was propaganda by Edison to disparage DC

            But if he prefered it, why would he create progaganda against it?

            > DC is just as dangerous as AC.

            I assumed the alternating made it more dangerous but I stand corrected.

            • philistine 10 hours ago

              I messed it up too. Edison wanted to disparage AC.

        • bmicraft 11 hours ago

          > instead we have AC which is more dangerous

          That's false. If you assume the same (effective) voltage, ac is considerably less dangerous.

    • 15 hours ago
      [deleted]
  • 15 hours ago
    [deleted]