|
brent timothy saner via plug on 10 Aug 2020 13:14:21 -0700
|
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]
- From: brent timothy saner via plug <plug@lists.phillylinux.org>
- To: plug@lists.phillylinux.org
- Subject: Re: [PLUG] news
- Date: Mon, 10 Aug 2020 16:14:07 -0400
- Autocrypt: addr=brent.saner@gmail.com; prefer-encrypt=mutual; keydata= mQINBFKm0mgBEADSI5oeyqRYZ8YWxPbux4CeqaMNh4etuyJmglDRCQB9t1XlvhMDLZWQNqm+ ORBN3YGISUu+X55p10lK/O1w/85zXkAV7Qe6fkvUzSx0tbPWLu4rn4zH9JgTExElhFRv143H W/EKehejEetkNz6JSwGUXNiF5qh1GbKLOmShbmCSKXLcmw05Qj4ELmhkH9OWXpeM0EHmWIEK VSeoIim/g1MYYxKOb1wY3DEubY9zn3lfz9xfLq/xlFMepDyNAEer/qZDSHQqnymdqXlt6L9e mfd4snHLiDfUgG9JOPeMDWeT6XWJDtKKCcZ3JDSMEGgZsFYpwJxJEwPxnfhHJmH8ENxi/8Cu 0fLFvzgAP+VK/Z1egBI7l241fDDREg3e+NWFhUM5bjwBmqk1z8nkRdru+QSMtPl6Erkd+Tbp 7lGGpQwCbI6esdBPkx/nV8+fIPEcsR2G5jG7O9U4J6q3B1nRFrR863SJHudIWV/l59ZvA8kI knDYNOixPLmnoRrO7LNIWe9jpnkZdg34Aa5AjAjGEKwY5EAzqkKuPEMVGqg/36YUcnqYS98W iVgCpaGg6KJqCMVXBfugxd79rtkyT4Oeju/z/Yp2xxXm3Pqcocb1CxbiEYDLJNT7/hyIJ072 4asMz2DTDMIMciP93hPraEtINknPlerNX2XqK03D+gyBGqAL7QARAQABtCtCcmVudCBUaW1v dGh5IFNhbmVyIDxicmVudC5zYW5lckBnbWFpbC5jb20+iQI8BBMBAgAmAhsDBwsJCAcDAgEG FQgCCQoLBBYCAwECHgECF4AFAlLzvnsCGQEACgkQjABML5NIH2vQHxAArz6yjoQqUPoOFBRF P6hXHcMegvh4vZ0xOcoU+7KyUyD2f5jYivQFSVYcRDr7hyHTs3iRr0HKN8dUUSyLkNCc+rd2 FwqftUF2JLqlqpJ4HDXw+5L2rw0+0voy7JpRNtoGlfkh32SHIbTmNwVIFm1yVg+xNk0RAvl8 /NnPzgi0IKgOJNcxicLpy0f0o/uWHKcm6uS8SBZL3col1Wuhwqt/VY7Nz0cCF7IrRNGyMMPF PMRq3A5144U81WQR94iGlpvWku/qnFAvC9NNTllCwFYpiuI2BkndlPO3YqOwcGbVTOO765la Qz9EQn9b9ipnPjOSp9HLhu53RoJyUWogBtijCzEgODYJuflPWoXG4ubB11wP2CRPZzj3KqFE cShAyNwE2bAtHwtqsksII3J46EEQDrHam/0D6F+jNMZK31E/ET9WcdzZhFRGaBd748dRcaoH BaHpviH+GtRZiWtrR0238Df05MtZPTlZi2t4icBIGVN4j0mcMbgVY/5CudLQGa7BSjnKR/uy hJI7ANOHCsIud6rIB9s5qly60bXjOZ4hG1iFIhUFC+zgrOYGZLbJgCaKd5sdBCWOsQwInD/X eWO+6p4bW0YIp0YXZA5+0Uo8EP4t+NzvfGhe19gy8hrJYZGSW1PJDvqvs+b5XO2j5Be6ec2Y 09Ta99U94SxWp3nXpKS5Ag0EUqbSaAEQAMIB/UpTre+NGzkvTmO6wnfQuzJKEEWnX2p/+eQF ZgDhObvwhvZr7C3I9wP3JnAP3LoJqrnmp78qE2v7snlSG1i66hqcj8Cw2EkBRLFsseva2uI5 B63RLrV0tTXN86nmHhw8qJ2GBu84Ddw7KtYoCRbq902eWsgWxRJVwAK+ip24tVVJxaR23nkO FwU+suYRDhiM9GLVj2waomgJK60dhxLOLZSRwJ0S1A2pu16GEx8USEoz7WNDJgx8PJPSzyH5 U7h9hXhpTEvS8nOV5G7YhksKBR6ECjmleCSehBaotVTAhXTfoh9fyCusMBwizLBoS8GmPUnv nUlvJzyAzu1KxnFzpwEk9ZBgLqWxzC/i4PZKrpqG7n5JqgEl0gg+7fn5Sdwq14Trg+djDGa5 c8n5hXEyszWTka53AhVCn8yq01zYNZoMDG6adYku/g3n5mBxKYuSoMkzuPRgihpsrhN/0RGY nJRDw5cpAjywWhTfFWGaAz6mDNhCV9daoqAoFjmIt9PAFeTrHj0XZXW7C53t4Qor9Nc5goh5 jlw7vv58CpdF0dPF6jLhDL2AYtplqwdPQr8+hj8WyFW8Rbj/OOj/z/JdDa6xCqfvh0udGLVa FDwQXZ1D4sqjwABhqdCppYb9TSq0TzR2LyZDnn/JZied2Q2LypPbsoGa3qd//w5W6NczABEB AAGJAh8EGAECAAkFAlKm0mgCGwwACgkQjABML5NIH2tCDBAAiMHQIKXCnm3XOcBuArJ8l0Yp W7q9KWF1YtmK+Jg+JqF8vTR7qvJ1djpVJVzCbL73bSrw24bLjHhcATuBsQxYPu2sSulcPB8n ri3ki/rWiWpNtjykKi6z56o+vDmbVH8UyA++zHQIaOx7tyKnh4w1F2i46132yMHLHFAdQkAl AJRMIQ6E0AKK9t61r+NJ0KT8g1h9PMcJkPWkGmQjT9eahLlO1H3kua0xCZ264CFUkpYo7t0I Y9BuRafzrqRqrYBJzEeDSd2dNz8u+jTF8RlHyaiePcTE9R1A41mK2vDCgWAbmXW8eruVz+Av zdXSNr6erccamRmeTIyJ5WpGeoA/ZeTDVSLzU2/i/PK2yI/8DTwWnt0iLC+8qvbz+E27/8i5 x5w3PosUjXzHQugBZO0xrBqti9rWV6u73zAE07EKaGfTm4Py3HRfysmFijcT0xpEeuilXM72 TixP75enqXN45ouwrapBcjAM3oxn+eVAagtzMUjXjHJBP5g5PHCRTuzakNzvFu1YNV9Oec8S O+hoQAuW6Wy5NfCN3Bg+KHPu/U6Lw9TcbFtCGOswMx9U2Thuj7FeULli5tj/kLahOOMO0N++ msHrJNNWa2ekU9GJ1NDCOGH0zYF4F5dxrdNxuOGzz6a0+5o1DBaWUEN0wAMceluJNnqv0qni AGmGDY9HHUM=
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=to:references:from:autocrypt:subject:message-id:date:user-agent :mime-version:in-reply-to; bh=j7F0P8O8/tyoCTBaAUKG8EjvP23mUs45LAarz3Tas90=; b=Jp815osuJ33c2KN3PfPmhBm4HhwuNC2ZltEc/I4zG0i8lu6L6QhXIT4u1VfDu+ABBb UiTJC03MuVIOGdf4Ev6GkATqtfkZ+GIr0iaq3qlEztzBuUI4/rzq0sllUk15PsRdFVk1 SOxg5Yi8G23UXqkgLBkmfarIWeMl9JZyMMaYRT2u5DlHxTlqwuYK4p4B8a068+Yh+fJk liD7fEUcIIb95G5vkAduhhqbNasABr2nHU1SsF7v1gqHm4WMB42jeNTIjedHuqTMIuRn ktzfPaAd5sfJU0/MakKHWB8BwrZElpL69Aj6hr+awr+fjViap/6Z1IfKQqgIO7aYc0dg le7A==
- Reply-to: brent timothy saner <brent.saner@gmail.com>
- Sender: "plug" <plug-bounces@lists.phillylinux.org>
- User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.9.0
On 8/10/20 3:58 PM, Michael Lazin via plug wrote:
> I think the interesting point about the HTTP smuggling article that you
> reference is it still works. Google rankings are negatively impacted if
> you don't have an SSL certificate, and we have plugins like HTTPS
> everywhere, which force HTTPS on the client-side, and yet still HTTP
> persists despite it not being secure. There was a time when purchasing
> a certificate was cost-prohibitive, but many web hosts now include a
> cert with hosting and there are free SSL cert providers. I think this
> is a sign that providers should start forcing https connections on the
> server-side. I know this is controversial because you want the maximum
> amount of people to view your website, and you don't want to lock out
> people with old hardware/software. Still, maybe it would be wise for the
> Internet community to start doing this for security reasons and not just
> google rankings.
>
> Michael Lazin
>
> to gar auto estin noein te kai ennai
"Encrypt everything all the time" is generally not a good stance to take.
Encrypt things that should be, like sensitive data? Absolutely. But
unquestioned enforced encryption is a generally bad idea because
encryption requires trust, which leads to either needing to verify every
single site or trusting a central authority. Which can then be a single
point of failure, technologically or politically.
You don't need to encrypt a website that's purely informational, for
instance, unless it contains that sensitive data. It can of course help
with *ensuring integrity* of that data, but it's generally not without
its complications and a whole new can of worms.
This proposal also complicates (needlessly, in many cases)
reverse-proxying and load balancing, it breaks numerous "upper"
protocols that rely on HTTP as a transport (but don't account for TLS
tunnelling), it breaks XSD validation, it complicates (if not breaks)
NATted LAN HTTP communication, and makes packet tracing/packet dumps
utterly useless for debugging. Just to name a few off the top of my head.
A good example of this is the DoH hype. Now Comcast, with its arguably
quite questionable decisions regarding business ethics, is doing this:
https://twitter.com/TheRegister/status/1276321762276491264
See also:
* https://www.wired.com/story/dns-over-https-encrypted-web/
*
https://www.theregister.co.uk/2018/10/23/paul_vixie_slaps_doh_as_dns_privacy_feature_becomes_a_standard/
*
https://hackaday.com/2019/10/21/dns-over-https-is-the-wrong-partial-solution/
* https://www.yeettheayys.cf/?p=80
** https://www.yeettheayys.cf/?p=96
Attachment:
signature.asc
Description: OpenPGP digital signature
___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug
- References:
- [PLUG] news
- From: jeff via plug <plug@lists.phillylinux.org>
- Re: [PLUG] news
- From: Michael Lazin via plug <plug@lists.phillylinux.org>