Subj : tailscale ..impressive To : Digital Man From : Phigan Date : Sun Jun 04 2023 04:40 pm Re: tailscale ..impressive By: Digital Man to Phigan on Sun Jun 04 2023 01:39 pm > https://security.stackexchange.com/questions/119551/are-there-master-keys-th > at-can-be-used-to-generate-valid-ssl-keys That link doesn't really contradict anything I'm saying :) For a certificate or key pair to be "valid" you just have to trust the authority that signed it/them. We call SSL certificates used for websites and things as "valid" because they have been signed by one of the certificate authorities that we all have stored in our operating systems and browsers, the ones we trust. It's technically possible for any of them to have master keys to the certificates they generate and sign, but as the response in the link says, it's highly unlikely they would go using those willy nilly. Other applications, especially those where the client and the server are proprietary, don't have to follow any rules about trusted authorities. The same company could write the client and server, generate and sign the certificates, and promise you end to end encryption. You have no guarantee that there isn't a master key. Even when the client and server are open source, the certificate signing stuff often isn't. ---