• asdfasdfasdf@lemmy.world
    3 months ago

    How is DPI a problem if it’s encrypted? That would only work if the attacker had installed their CA cert on your client machine, right?

    • henfredemars@infosec.pub
      3 months ago

      I’m doing DPI on my own network and I can still view TLS certificate fingerprints and some metadata that provides a good educated guess as to what a traffic flow contains. It’s certainly better that it’s encrypted, but there is a little information that leaks in metadata. I think that’s what was meant.

    • orange@communick.news
      3 months ago

      I think it might be confusion between inspecting plaintext metadata like SNI vs actually inspecting encrypted contents (e.g. HTTPS content, headers, etc.).