At 10:39 11/12/00 -0800, Martin wrote:
>Oh, is that what you think? Everything SHOULD be encrypted, there's no
>excuse (in this day and age) for the existence of non-encrypted traffic of
>any sort, even if you're only employing weak encryption.
I don't wanna get into flames, but I don't agree on this. while encryption
soles the problem of accessing his own host where one has an account
and a shared key, it is not easy to allow public guys to access a
public host without allowing bad guys to come the same place.
also, when considering outgoing ftp to public hosts, there is no point
in encrypting anything, not becuse I don't want, but because the site
has no key to share with me:)
>Your arrogant dictatorial stance only shows that you are a tool of the
>governments of the world which would have us believe that encryption is
>not necessary. Those of us who are tired of wondering if someone will
>sniff a password and gain access to something we considered to be harmless
>and exploit some vulnerability would prefer if all traffic were encrypted.
clear text passwords are still the most widely used method not because
everybody around is a dumb developper, but because
- there is no standard to tell how to do a secure authentication.
even TLS doesn't specify which algos to use. SSL has been "forced"
by netscape, that's why it "works".
- how to share public keys. PKIs are still in their infancy, and co-trust
is still far from reality...
- how to convince our states that encryption is not only good for
terrorists, ...
but even if all these are ignored, there is one point that you should keep
in mind: I'm open to encrypt anything, but ftp servers don't gimme a chance!
whatta do? refuse downloading software? You can do that if it suits you.
I simply accept downloading software from anonymous ftp servers in the
clear. After all, why encrypt it since it's public information?
>Ordinarily I wouldn't attack so strongly, or so tritely, but like likes
>like, as they say.
let's hope the "calm" will get back in this hot thread:)
anyway, I'm not looking for trouble. just for sharing my opinion and
learning others ideas. after all, hot debates are a sign that the subject
isn't uninteresting to us... (It's too hot I can't find a better phrase here,
but heh, I won't say it in french....).
>If you would like to have the last word, rest assured that I will not
>continue this thread on the list.
since tha's between Roy and you, I'll let you continue off the list...
anyway, whatever do we think, whatever o we say, the truth is in the "middle".
That said, let the talkative guy that I am shut his mouth...
cheers,
mouss
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
