Hacker News new | past | comments | ask | show | jobs | submit login

If anyone's interested in learning more of how you can use the private key of a server to monitor all communications: see, for example, US Pat. 7,543,051

It describes a way to passively/non-intrusively ("invisible to the server") capture and analyze all network traffic using a cable-tap.

Bottom of column 8: "In order to accomplish decryption in a timely manner the secure traffic decryption unit needs the private key of the server. Usually providing the server's private key to another device would be considered a security flaw, since private keys are not meant to be communicated to any other party. But since it may be assumed that usually the server's owner or operator will use the present invention to monitor his/her own server, providing the server's private key to the secure traffic decryption unit does not pose significant security risks."

Does this work? Has anyone built it?

Applications are open for YC Winter 2020

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact