On 19.04.2014 10:44, Stephan von Krawczynski wrote:
> On Sat, 19 Apr 2014 10:20:39 +0200
> Reindl Harald <h.rei...@thelounge.net> wrote:
>
>> and where does it lead to trigger warnings all over the planet and train
>> people to ignore them? in case of a mailserver that's not a real big
>> problem because the amount of users is limited
>>
>> on a public website it is insane to present a browser warning as welcome
>> message
>>
>> if there is a working replacement, widely supported by client-software
>> and usable for the ordinary enduser - fine - let us adopt it - until
>> that does not exist you are talking bullshit
>>
>> well, i have an offer for you:
>> you pay the support calls caused by certificate warnings, you pay also the
>> harm of other ignored warnings as result of trained monkeys, you go out and
>> make *every* enduser into a tech person who understands certificates and SSL
>> beforehand, and after that we all start to drop CA certificates
>>
>> deal?
>
> So you like market behaviour
no, but after more than 11 years working in IT as a software developer and
sysadmin, building admin backends, automation tools and CMS systems on my
own while dealing with the endusers and their software, i have learned
which fights i can't win and that i better spend my time working on things
that gain a result

> Don't you think that the market of client software will react
> faster if everybody is aware of the currently unsolved
> problems?

only in a perfect world

in the world i sadly live in i had to turn SSL3 on again after a complaint
from a big customer that one of his customers can't use his shop with MSIE6
and is not willing to enable TLS in the settings, which is one click i did
13 years ago in the times i was using Windows; well, now after Heartbleed
and the EOL of WinXP i had the arguments to disable it forever -> done

in the world i sadly live in i recently had a customer using a 10 years old
Eudora mail-client on MacOSX which doesn't work with SHA256 certificates -
the reply to "please update your OS and your mail-client, this one is
unsupported and highly insecure" was "but i was happy with it until *you*
changed something"

> My word is: make them aware

mine too, but making aware and trying to force end-users to understand
things are different worlds - you can't win the fight against users'
ignorance, carelessness and their outdated software

> Your word is: save money and give a damn

my word is: save time where it is wasted and use it to improve things in
areas where i can win a fight - fighting a lost battle leads to nowhere and
eats the time to improve other things

i spent hundreds of hours in security over the last few years looking at the
big picture of all sorts of network services and operating systems to make
them work as securely as possible with each other; if i had wasted that
time on lost battles i would have gained nothing

> Let's stop it here, it is obvious we disagree and I guess people on the
> list have heard enough to take their own decisions

agreed