(github.com)

246 points nh2 | 1 comments | 18 Oct 24 06:10 UTC | HN request time: 0.205s | source

Show context

Wowfunhappy ◴[22 Oct 24 12:52 UTC] No.41913728[source]▶

>>41876741 (OP) #

Is there really any benefit of this over just using HTTP?

What is the threat model in which an attacker could MitM your internal network?

replies(5): >>41913783 #>>41913784 #>>41915125 #>>41915370 #>>41915882 #

poincaredisk ◴[22 Oct 24 15:16 UTC] No.41915125[source]▶

>>41913728 #

>What is the threat model in which an attacker could MitM your internal network?

Police raid on your home/company. Malware on a router. Malicious actor in the server room. Possibilities are endless.

SSL added and removed here ;-)

(this is a reference, look it up if you don't recognize it)

replies(2): >>41915343 #>>41916818 #

1. cesarb ◴[22 Oct 24 15:35 UTC] No.41915343[source]▶

>>41915125 #

> Malware on a router.

It doesn't even have to be on the router, just the same network segment plus some ARP spoofing tricks (assuming your switch doesn't have ARP spoofing protections or they haven't been enabled) could be enough to MitM a connection.

↑

Just want simple TLS for your .internal network?