On 8/3/22 9:46 AM, Jarland Donnell via mailop wrote:
> It's a pretty big and well respected security practice to consider plain text to be more secure than insecure SSL for one reason: A plain text connection isn't logged or reported as a secure connection.

What‽‽‽

Please elaborate. Please point to more documentation related to this respected security practice.

> Both being insecure, only one of the two involves your server negotiating and reporting to the third party that you are accepting it over a secure connection. Which is basically a lie. Plain isn't a lie, and that's worth something.

I don't see how considering "not the best security" as more secure than "no security" is a lie in any way, shape, or form.

I feel like this is a case of anything less than perfect is not good enough and thus a waste of time. -- I often see such sentiments causing people to give up on any form of security and continuing without any security at all.

If you must divulge your SSN over the phone (for reasons) do you just blurt it out at normal volume indifferent to who is around? Or do you walk to a secluded corner of the room and cup your hand around the mouthpiece? Even questionable security is better than no security in many cases.



--
Grant. . . .
unix || die

_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop