Government-controlled inspection wouldn't be solved by switching to older DLLs (unless the code itself is compromised, which is unlikely for video game code)
Many organizations, surprisingly, still do things like using Kubernetes with TLS terminated at the ingress. In that case, you just need the splitter in the same network as the nodes hosting the ingress controller. Or inspect the unencrypted traffic within the cluster.
It takes a non-trivial amount of work to set up a service mesh (and mutual TLS between services), so many k8s clusters end up with unencrypted traffic inside the cluster network.
> It takes a non-trivial amount of work to set up a service mesh
I feel like configuring wireguard between a group of physical hosts is fairly trivial. After all I do it semi-manually in order to access my LAN when I'm elsewhere and I'm certainly no expert sysadmin.
Government-controlled inspection wouldn't be solved by switching to older DLLs (unless the code itself is compromised, which is unlikely for video game code)
Don't these systems usually use a splitter, thereby adding zero latency?
How do they inspect traffic when most is https?
In this case we're talking about P2P traffic, which is generally not HTTPS. The linked issue references WebRTC https://en.wikipedia.org/wiki/WebRTC
Encrypted by Cloudflare, so they just use the keys to decrypt it again.
Many organizations, surprisingly, still do things like using Kubernetes with TLS terminated at the ingress. In that case, you just need the splitter in the same network as the nodes hosting the ingress controller. Or inspect the unencrypted traffic within the cluster.
It takes a non-trivial amount of work to set up a service mesh (and mutual TLS between services), so many k8s clusters end up with unencrypted traffic inside the cluster network.
> It takes a non-trivial amount of work to set up a service mesh
I feel like configuring wireguard between a group of physical hosts is fairly trivial. After all I do it semi-manually in order to access my LAN when I'm elsewhere and I'm certainly no expert sysadmin.
You think IDF-grade packet inspection causes lag?