Re: [PLUG] news

[Rich Freeman via plug <plug@lists.phillylinux.org>]

On Tue, Aug 11, 2020 at 12:34 PM brent timothy saner via plug
<plug@lists.phillylinux.org> wrote:
>
> But yeah, he explained much more eloquently the point I'm trying to
> make. It's important to balance risk factor into the equation, and he
> explains why it's important here.

It is also almost completely irrelevant in practice.

Nobody is suggesting that you should avoid putting locks on your
datacenter door so that you can instead buy $10k gold-plated SSL
certificates from Verisign.

Yes, SSL/etc can make some troubleshooting more difficult.  I don't
really see that as a great reason not to use it.

Yes, there are some applications out there which weren't designed to
use encryption in a secure way, and it probably doesn't make sense
spending millions of dollars if they aren't doing anything important
to add it.

However, this discussion came up in the context of SSL for websites,
where turning it on is basically a checkbox unless your website was
designed in 1996.  There is rarely any reason not to check the box for
anything which is new.


--
Rich
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug