Announcing: "dumpsterfire", the mailing list for IoT security/privacy issues

• Previous message (by thread): Announcing: "dumpsterfire", the mailing list for IoT security/privacy issues
• Next message (by thread): Announcing: "dumpsterfire", the mailing list for IoT security/privacy issues
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 1/11/2019 2:50 PM, Grant Taylor via NANOG wrote:
> On 01/11/2019 12:32 PM, Rob McEwen wrote:
>> but if done right, fwiw,, wouldn't that be sent over SMTP using TLS 
>> encryption?
>
> Oy vey.  in-flight vs at-rest encryption.  <facepalm>

which is why i said "fwiw", acknowledging upfront that TLS transmission 
encryption has a limited scope. I guess you missed that?  But I was 
specifically replying to a complaint about passwords being sent in plain 
text, and I was suggesting that TLS would solve that problem. At that 
point in the discussion, it wasn't a discussion about all things 
encryption. ("context" is very helpful - are you still facepalming?)


> On 01/11/2019 12:32 PM, Rob McEwen wrote:
>> (but, then again, that ALSO requires a certificate!)
> Let's Encrypt works perfectly fine for that too.  }:-) 


Exactly! That was sort of my point too. The person creating that 
dumpsterfire list seemed to be trying to avoid having to install a 
security certificate, but having that security certificate solves other 
problems besides the website getting https, such as enabling TLS, too. 
That was my basic point, I was just trying to be less wordy.

-- 
Rob McEwen, invaluement


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20190112/99f7f30f/attachment.html>

• Previous message (by thread): Announcing: "dumpsterfire", the mailing list for IoT security/privacy issues
• Next message (by thread): Announcing: "dumpsterfire", the mailing list for IoT security/privacy issues
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]