The Dark Side of Encryption
Increased encryption is drawing scrutiny as it disables organizations that work to filter and block imagery showing the sexual abuse of children.
I was recently debugging a nasty issue in one of our backend services and needed to view the exact HTTP request & response being sent to an authentication server. Fortunately, Go’s standard library provides http.RoundTripper, httputil.DumpRequestOut & httputil.DumpResponse, which are great for dumping the exact outbound request & the response. But since an authentication request contains credentials and a response contains a security token, it would have been insecure to record credentials & tokens in our logging systems. How could I securely exfiltrate the information I needed, while maintaining security and not requiring a whole lot of changes to my codebase or deployment environment?
A few years ago at a DEFCON conference, an organization called “Let’s Encrypt” led a session on their new project. Although this group was not well-known at the time, their ambitious goals made me feel that I should hear what they had to say, even if it was just to save money.