Rich Freeman via plug on 10 Aug 2020 13:56:08 -0700
Re: [PLUG] news
On Mon, Aug 10, 2020 at 4:14 PM brent timothy saner via plug <plug@lists.phillylinux.org> wrote:
>
> "Encrypt everything all the time" is generally not a good stance to take.
>
> Encrypt things that should be, like sensitive data? Absolutely. But
> unquestioned enforced encryption is a generally bad idea because
> encryption requires trust, which leads to either needing to verify every
> single site or trusting a central authority. Which can then be a single
> point of failure, technologically or politically.

There is no attack that works on an "untrusted" (i.e. unauthenticated) encrypted connection that doesn't also work on an unencrypted connection. There are plenty of attacks that do work against unencrypted connections that fail against an unauthenticated encrypted connection.

It makes zero sense to send stuff unencrypted. Even if you don't trust every certificate out there, you're more secure using encryption with an untrusted certificate, than you are not using encryption.

Can somebody execute a MITM attack against an unauthenticated encrypted connection? Sure. However, they can't just passively eavesdrop on the connection, which they can do with an unencrypted connection.

--
Rich
___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug
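
The distinction drawn in the message above, as an added example that is not part of the original post: a toy unauthenticated Diffie-Hellman exchange in which a passive recorder gets only public values and ciphertext, while an active interposer reads the message and leaves the endpoints with mismatched keys. The group parameters, the toy cipher and all function names are constructed for illustration and are not suitable for real use.

```python
import hashlib
import secrets

# Toy parameters constructed for this example; far too small for real use.
P = 2**127 - 1  # a Mersenne prime
G = 3

def keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def session_key(priv, peer_pub):
    shared = pow(peer_pub, priv, P)
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()

def xor_stream(key, data):
    # Toy cipher: SHA-256 keystream XORed with the data (same call decrypts).
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def passive_case(msg):
    """An eavesdropper records the wire but changes nothing."""
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    ct = xor_stream(session_key(a_priv, b_pub), msg)
    wire = {"a_pub": a_pub, "b_pub": b_pub, "ciphertext": ct}
    # Recovering the key from `wire` alone means solving a discrete log.
    return wire, xor_stream(session_key(b_priv, a_pub), ct)

def active_case(msg):
    """An interposer hands each side its own public value instead of the peer's."""
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    m_priv, m_pub = keypair()
    ct = xor_stream(session_key(a_priv, m_pub), msg)
    seen = xor_stream(session_key(m_priv, a_pub), ct)
    relayed = xor_stream(session_key(m_priv, b_pub), seen)
    received = xor_stream(session_key(b_priv, m_pub), relayed)
    # The endpoints now hold different keys; comparing them over an
    # authenticated channel is the check an unauthenticated link lacks.
    keys_match = session_key(a_priv, m_pub) == session_key(b_priv, m_pub)
    return seen, received, keys_match

if __name__ == "__main__":
    msg = b"constructed sample message"
    print(passive_case(msg)[1] == msg, active_case(msg))
```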