On 1/30/25 3:25 PM, Fred Morris wrote:
> I don't think everything on the planet needs to support encryption
> out of the box if composable components are available.

I'm inclined to agree with you.

However, the only rebuttal that I've heard which I give any serious
credence to is the ability for the endpoint that doesn't support
encryption natively to have any visibility into middle boxen being used
to add TLS or not.

E.g. an HTTP server has no inherent knowledge that the traffic was
encrypted with HTTPS to a front end proxy. Conversely the HTTPS server
knows implicitly that the traffic came in encrypted, and to what level.

Sure, there are external things that can be put around it to be able to
say that the only thing that hits a given IP is from the front end. But
that's external dependencies and trust, something that isn't needed when
encryption is supported natively.

--
Grant. . . .
unix || die
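
The visibility gap described in the message above, as an added example that is not part of the original post or of any project's code: a plaintext HTTP backend can only learn about client-side TLS from what the front end tells it, and that is only meaningful if the peer really is the front end. The proxy address, the client address and the use of the X-Forwarded-Proto header are assumptions made for illustration.

```python
import ipaddress

# Assumption: the front-end proxy's address (documentation range, constructed).
TRUSTED_PROXIES = [ipaddress.ip_network("192.0.2.10/32")]


def naive_transport(headers):
    """Backend that believes the header no matter who sent it."""
    return headers.get("X-Forwarded-Proto", "http").lower()


def peer_is_trusted_proxy(peer_ip, trusted=TRUSTED_PROXIES):
    """The 'external dependency': only the front end may reach this backend."""
    addr = ipaddress.ip_address(peer_ip)
    return any(addr in net for net in trusted)


def claimed_transport(peer_ip, headers, trusted=TRUSTED_PROXIES):
    """What a plaintext backend can say about the client-side transport.

    Returns "https", "http" or "unknown". Even "https" is only the proxy's
    claim: the backend never sees the TLS version or cipher, unlike a
    server that terminates TLS itself.
    """
    # HTTP header names are case-insensitive.
    hdrs = {k.lower(): v.strip().lower() for k, v in headers.items()}
    if not peer_is_trusted_proxy(peer_ip, trusted):
        # Not the front end: the header is client-controlled, and the only
        # hop the backend can observe arrived unencrypted.
        return "http"
    proto = hdrs.get("x-forwarded-proto")
    return proto if proto in ("https", "http") else "unknown"


if __name__ == "__main__":
    # Constructed sample requests: (peer address, headers).
    samples = [
        ("192.0.2.10", {"X-Forwarded-Proto": "https"}),    # via the front end
        ("198.51.100.7", {"X-Forwarded-Proto": "https"}),  # direct, header forged
        ("192.0.2.10", {}),                                # front end, no header
    ]
    for peer, hdrs in samples:
        print(peer, naive_transport(hdrs), claimed_transport(peer, hdrs))
```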