nanog mailing list archives

Re: Announcing: "dumpsterfire", the mailing list for IoT security/privacy issues


From: Rob McEwen <rob () invaluement com>
Date: Sat, 12 Jan 2019 01:37:53 -0500

On 1/11/2019 2:50 PM, Grant Taylor via NANOG wrote:
> On 01/11/2019 12:32 PM, Rob McEwen wrote:
>> but if done right, fwiw, wouldn't that be sent over SMTP using TLS encryption?
>
> Oy vey.  in-flight vs at-rest encryption.  <facepalm>

Which is why I said "fwiw", acknowledging upfront that TLS transmission encryption has a limited scope. I guess you missed that? But I was specifically replying to a complaint about passwords being sent in plain text, and I was suggesting that TLS would solve that problem. At that point in the discussion, it wasn't a discussion about all things encryption. ("context" is very helpful - are you still facepalming?)


> On 01/11/2019 12:32 PM, Rob McEwen wrote:
>> (but, then again, that ALSO requires a certificate!)
>
> Let's Encrypt works perfectly fine for that too.  }:-)


Exactly! That was sort of my point too. The person creating that dumpsterfire list seemed to be trying to avoid having to install a security certificate, but having that security certificate solves other problems besides the website getting https, such as enabling TLS, too. That was my basic point; I was just trying to be less wordy.

--
Rob McEwen, invaluement


