So this video explains how HTTPS works. What I don’t get is what if a hacker in the middle pretended to be the server and provided me with the box and the public key. Wouldn’t he be able to decrypt the message with his private key? I’m not a tech expert, but just curious and trying to learn.

  • @lily33@lemm.ee
    16 months ago

    I’m somewhat skeptical. What if LetsEncrypt decided to misbehave tomorrow? Would the browsers have the guts to shut it down and break all sites using it?

    • Nightwatch Admin
      36 months ago

      Yes, they will. We’ve seen it before in mostly less serious cases: DigiNotar, Türktrust, Symantec, etc. As brittle as the CA system can be, when there is real enough trouble, CAs do get revoked.

    • @catloaf@lemm.ee
      16 months ago

      Not the browser companies. The parent CA would revoke Let’s Encrypt’s certs and publish that revocation in the certificate revocation list. When the browser (software, running on your system) downloads the new CRL, it will automatically stop trusting LE.