Charlie Li via plug on 11 Aug 2020 11:40:33 -0700
- From: Charlie Li via plug <plug@lists.phillylinux.org>
- To: plug@lists.phillylinux.org
- Subject: Re: [PLUG] news
- Date: Tue, 11 Aug 2020 14:40:18 -0400
- Organization: PLUG mailing list
- Reply-to: Charlie Li <ml+PLUG@vishwin.info>
- Sender: "plug" <plug-bounces@lists.phillylinux.org>
- User-agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:68.0) Gecko/20100101 Thunderbird/68.11.0
Rich Freeman via plug wrote:
> On Tue, Aug 11, 2020 at 12:34 PM brent timothy saner via plug wrote:
>>
>> But yeah, he explained much more eloquently the point I'm trying to
>> make. It's important to balance risk factor into the equation, and he
>> explains why it's important here.
>
> It is also almost completely irrelevant in practice.
>
It is absolutely completely relevant in practice.
> However, this discussion came up in the context of SSL for websites,
> where turning it on is basically a checkbox unless your website was
> designed in 1996. There is rarely any reason not to check the box for
> anything which is new.
>
Oh but there is. This was actually discussed ad nauseam in the context
of the FreeBSD public subversion repositories (not the endpoint for
committers, which of course uses ssh) unconditionally requiring HTTPS,
and one important point brought up is nation-states and other actors
who have vested interests to know everything every user does, which
means any means necessary to MITM and crack SSL/TLS. Which can mean no
access to the (proper) requested resource at all. At the end of the day,
it is all about managing risk.
These two messages from phk explain it much better than I can:
https://lists.freebsd.org/pipermail/freebsd-security/2017-December/009555.html
https://lists.freebsd.org/pipermail/freebsd-security/2017-December/009558.html
--
Charlie "house hunting" Li
(This email address is for mailing list use only; replace local-part
with vishwin for off-list communication)