<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">On 1/11/2019 2:50 PM, Grant Taylor via
NANOG wrote:<br>
</div>
<blockquote type="cite"
cite="mid:1ab1783a-8dda-71c6-eddf-68d22ab6f06c@spamtrap.tnetconsulting.net">On
01/11/2019 12:32 PM, Rob McEwen wrote:
<br>
<blockquote type="cite" style="color: #000000;">but if done right,
fwiw,, wouldn't that be sent over SMTP using TLS encryption?
<br>
</blockquote>
<br>
Oy vey. in-flight vs at-rest encryption. <facepalm>
<br>
</blockquote>
<p>which is why i said "fwiw", acknowledging upfront that TLS
transmission encryption has a limited scope. I guess you missed
that? But I was specifically replying to a complaint about
passwords being sent in plain text, and I was suggesting that TLS
would solve that problem. At that point in the discussion, it
wasn't a discussion about all things encryption. ("context" is
very helpful - are you still facepalming?)<br>
</p>
<p><br>
</p>
<blockquote type="cite"
cite="mid:1ab1783a-8dda-71c6-eddf-68d22ab6f06c@spamtrap.tnetconsulting.net">On
01/11/2019 12:32 PM, Rob McEwen wrote:
<blockquote type="cite" style="color: #000000;">(but, then again,
that ALSO requires a certificate!)
<br>
</blockquote>
Let's Encrypt works perfectly fine for that too. }:-)
</blockquote>
<p><br>
Exactly! That was sort of my point too. The person creating that
dumpsterfire list seemed to be trying to avoid having to install a
security certificate, but having that security certificate solves
other problems besides the website getting https, such as enabling
TLS, too. That was my basic point, I was just trying to be less
wordy.<br>
</p>
<pre class="moz-signature" cols="72">--
Rob McEwen, invaluement
</pre>
</body>
</html>