🐶🐾🫡 https://en.m.wikipedia.org/wiki/HTTP_Strict_Transport_Security
Pin the certificate. And there are many other ways to overcome mitm attacks, take a look at IPsec and various key exchange ...
Not talking strictly HTTPS. Even so, when have you been directly notified by an app when they updated their pinned certificate? Or even having visibility to a currently pinned certificate and it’s expiry?
It’s not even the key exchange exchange security - that’s largely solved. It’s the swap out and zero-visibility attacks.
I’m largely targeting WhatsApp, Apple iMessages and FaceTime, and whatever large corp constant use a few buzz words that are literally meaningless.
I hope we can do better on Nostr, once key rotation is more mature. We need greater transparency around security related changes. I’m unsure how to include them outside of the app itself - which shouldn’t be trusted.
It’s not even the key exchange exchange security - that’s largely solved. It’s the swap out and zero-visibility attacks.
I’m largely targeting WhatsApp, Apple iMessages and FaceTime, and whatever large corp constant use a few buzz words that are literally meaningless.
I hope we can do better on Nostr, once key rotation is more mature. We need greater transparency around security related changes. I’m unsure how to include them outside of the app itself - which shouldn’t be trusted.
2