On 2011-03-09 13:44:32 John Hasler wrote: >I wrote: >> Sure, if you don't mind publishing your tax returns. > >Boyd Stephen Smith Jr. writes: >> "Publishing" is perhaps a bit harsh. Most web-based tax services use >> end-to- end encryption to prevent the data from being intercepted both >> times it is "on the wire": from you to them and from them to the IRS. > >It's secure from them to the IRS but the Web is inherently insecure.
Well, that statement is false on it's face. Properly implemented TLS trust chains are equivalent to the PGP/GPG web-of-trust and are the most secure way to exchange information publicly available. AES is aging well and the best attack against the full cipher is still brute-force. SHA-1 is much older and has some valid attacks against the full hash, but none that a feasible to crack a single TLS session, even if it would allow you to completely "pwn" the average citizen. Soon, it will be replaced with SHA-3; SHA-2 is already available and it would be relatively easy to switch to it if attacks against SHA-1 starting coming about more often. The Web, like many *many* technologies was not designed with security in mind so it is insecure by default. That doesn't prevent it from being secure. Ethernet, IPv4, and TCPv4 weren't built with security in mind. That doesn't make all your ssh connections "insecure". It is secure from the individual to them. -- Boyd Stephen Smith Jr. ,= ,-_-. =. b...@iguanasuicide.net ((_/)o o(\_)) ICQ: 514984 YM/AIM: DaTwinkDaddy `-'(. .)`-' http://iguanasuicide.net/ \_/
signature.asc
Description: This is a digitally signed message part.
