Recently, I got the headsup on tailscale. It's a pretty nifty almost-zero-config personal VPN for the purposes of
Prior to tailscale, I was using AnyDesk cuz it just worked and
did not need any port forwarding pre-considerations. (My router
has a broken port-forwarding feature - the settings didn't
stick - but AnyDesk overcame that.
Re: tailscale ..impressive
By: Ogg to All on Thu Jun 01 2023 07:50 pm
Recently, I got the headsup on tailscale. It's a pretty nifty almost-zero-config personal VPN for the purposes of
Sounds pretty cool, but any time you're involving another party into the mix, there's always a chance they can evesdrop on you. Sure, they _say_ end to end encryption etc etc, but there's nothing stopping them from having a master key to all that encryption.
Recently, I got the headsup on tailscale. It's a pretty nifty
almost-zero-config personal VPN for the purposes of
Sounds pretty cool, but any time you're involving another party into the mix, there's always a chance they can evesdrop on you. Sure, they _say_
end to end encryption etc etc, but there's nothing stopping them from having a master key to all that encryption.
...For Windows, RDP works better than VNC. File transfers
can be done via ssh/scp, too.
In the end, of course just use what is most comfortable and
works for you. I'm just overly paranoid so using "self-
hosted" things is my "comfort zone".
The whole concept of "end to end encryption" is that there's no means by which a man in the middle can snoop or spoof, no matter who they are.
Then take a look at headscale. https://headscale.net/
Re: tailscale ..impressive
By: Digital Man to Phigan on Fri Jun 02 2023 06:25 pm
The whole concept of "end to end encryption" is that there's no means by which a man in the middle can snoop or spoof, no matter who they are.
Sure, that's the concept. You have to have the public/private keys on each side to be able to read the encrypted data. You're not in control of the generation of those public and private key pairs, however. It is 100% possible for the system generating those key pairs to have a "master" set of keys which can read that encrypted data no matter how many times you change your personal public/private keys. Your data is still encrypted "end to end" :).
Sure, that's the concept. You have to have the public/private keys on each side to be able to read the encrypted data. You're not in control of the generation of those public and private key pairs, however. It is 100% possible for the system generating those key pairs to have a "master" set of keys which can read that encrypted data no matter how many times you change your personal public/private keys. Your data is still encrypted "end to end" :).
https://security.stackexchange.com/questions/119551/are-there-master-keys-th at-can-be-used-to-generate-valid-ssl-keys
https://security.stackexchange.com/questions/119551/are-there-master-keys -th at-can-be-used-to-generate-valid-ssl-keys
That link doesn't really contradict anything I'm saying :)
For a certificate or key pair to be "valid" you just have to trust the authority that signed it/them. We call SSL certificates used for websites and things as "valid" because they have been signed by one of the certificate authorities that we all have stored in our operating systems and browsers, the ones we trust. It's technically possible for any of them to have master keys to the certificates they generate and sign, but as the response in the link says, it's highly unlikely they would go using those willy nilly.
systems and browsers, the ones we trust. It's technically possible for
any of them to have master keys to the certificates they generate and sign, but as the response in the link says, it's highly unlikely they would go using those willy nilly.
I've never heard of PKI, where a master key can decrypt a subordinate's key data, where data was encrypted with the subordinate's public key.
This implies that you are saying that a master key can decrypt data that is being intended for an end user, that is encrypted with their public key.
you send a CSR and the public key to the CA. that's it. there is no "master key". the CA's only purpose and capability is to validate the owner of a public key. they are incapable of decrypting anything.
Recently, I got the headsup on tailscale. It's a pretty nifty almost-zero-config personal VPN for the purposes of
establishing secure and encrypted tunnels over your own
machines as a custom network.
Sysop: | Xerxes |
---|---|
Location: | Azle, Texas |
Users: | 131 |
Nodes: | 10 (0 / 10) |
Uptime: | 97:23:00 |
Calls: | 3,190 |
Calls today: | 1 |
Files: | 195 |
U/L today: |
0 files (0K bytes) |
D/L today: |
0 files (0K bytes) |
Messages: | 366,179 |
Posted today: | 0 |