Rich Freeman via plug on 10 Aug 2020 13:56:08 -0700


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] news


On Mon, Aug 10, 2020 at 4:14 PM brent timothy saner via plug
<plug@lists.phillylinux.org> wrote:
>
> "Encrypt everything all the time" is generally not a good stance to take.
>
> Encrypt things that should be, like sensitive data? Absolutely. But
> unquestioned enforced encryption is a generally bad idea because
> encryption requires trust, which leads to either needing to verify every
> single site or trusting a central authority. Which can then be a single
> point of failure, technologically or politically.

There is no attack that works on an "untrusted" (ie unauthenticated)
encrypted connection that doesn't also work on an unencrypted
connection.  There are plenty of attacks that do work against
unencrypted connections that fail against an unauthenticated encrypted
connection.

It makes zero sense to send stuff unencrypted.  Even if you don't
trust every certificate out there, you're more secure using encryption
with an untrusted certificate, than you are not using encryption.

Can somebody execute a MITM attack against an unauthenticated
encrypted connection? Sure.  However, they can't just passively
evesdrop on the connection, which they can do with an unencrypted
connection.

-- 
Rich

-- 
Rich
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug