←back to thread

Linux CVEs, more than you ever wanted to know

(www.kroah.com)
103 points voxadam | 5 comments | 09 Dec 25 22:47 UTC | HN request time: 0.876s | source
Show context
1970-01-01[dead post] ◴[09 Dec 25 23:36 UTC] No.46212198[source]
[flagged]
kvemkon ◴[09 Dec 25 23:47 UTC] No.46212291[source]
But how do you know, that if kroah.com would use Let's Encrypt it would belong to Greg K-H? What if his true WEB-site would be e.g. greg-k-h.com?
replies(1): >>46212356 #
1. a99c43f2d565504 ◴[09 Dec 25 23:56 UTC] No.46212356[source]
Right. Also, when it comes to the other aspects of TLS, such as preventing middlemen from making sense of what information flows between you and the server, what exactly is the threat in this case? I mean, it's a public blog post, which you only ask to read and so you are served.
replies(2): >>46212532 #>>46213434 #
2. vpShane ◴[10 Dec 25 00:21 UTC] No.46212532[source]
It's not about threat, it's about privacy. I understand your statements but 'what is the threat in this case' to answer that: I don't want to know, I've moved on from those worries. Always encrypt.
replies(1): >>46213113 #
3. vhcr ◴[10 Dec 25 01:48 UTC] No.46213113[source]
What privacy? Whoever is watching your traffic can see you accessed their website with HTTPS, they can guess with high accuracy which article you are reading based on the response size.
replies(1): >>46220843 #
4. ◴[10 Dec 25 02:46 UTC] No.46213434[source]
5. vpShane ◴[10 Dec 25 17:45 UTC] No.46220843{3}[source]
Any hops along the paths and whatever they split off to by whoever. And of course they can, even with HTTPS the Client Hello is unencrypted.

Unencrypted data transmission just isn't a thing I'm interested in with it being 2025.