On Wed, Nov 11, 2015 at 4:29 PM, Robert Simmons <rsimmo...@gmail.com> wrote:
> I don't think there is such a thing as a trusted network. That is a unicorn > these days. > > No networks should be considered trusted. > oh baloney. That's just a clever way to say you want to stop thinking about trust. If I've connected two machines directly, that network is more trustworthy than any encryption. This is not rare, but typical for system recovery, which is where nc and ssh with the none cipher are highly useful. It's also not a bridge too far to claim a network is trusted when it has 1000 computers on a special-purpose processing network with access only allowed by the admins that built it, and perhaps an API. In those networks, the nodes work together like storage and CPUs work together in a single computer. The only difference is that SATA disks and x86 CPUs are replaced by general-purpose computers running Cassandra and Nginx, connected by ethernet, so that you can connect thousands together instead of dozens. Do you always insist on encryption on your SATA cables and memory buses? That sort of special-purpose network is not rare either; rather it's typical for internet services where the load is beyond what a single machine can handle, or clusters that run models that are too large for a single machine. Trustworthy networks do exist. They just aren't the same networks as 20 years ago. -- As implied by email protocols, the information in this message is not confidential. Any middle-man or recipient may inspect, modify, copy, forward, reply to, delete, or filter email for any purpose unless said parties are otherwise obligated. As the sender, I acknowledge that I have a lower expectation of the control and privacy of this message than I would a post-card. Further, nothing in this message is legally binding without cryptographic evidence of its integrity. http://bilbo.hobbiton.org/wiki/Eat_My_Sig _______________________________________________ freebsd-security@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"
