Roger that. So this:

> Specifically "plain text to be more secure than insecure SSL".

It's about proper documentation, expectation, and communication. The
most secure line is the actual secure line, the least secure line is the
one that says "I am secure" and isn't. This might sound confusing
because most people would think "The least secure line is the one that
says 'I am not secure'" instead. But when you say "This is not a secure
line" you know for sure that both parties fully understand that it isn't
secure. Whereas if you say "This is a secure line" and it isn't because
the other party either doesn't know what they're doing or is the victim
of a downgrade attack (through whatever attack vector that came from)
then the other party walks away saying "I transmitted secure data" and
to them it's over. Playing either role in that situation is bad, but
being the intelligent admin who cares none for the other guy is worse
than just saying up front: "This isn't secure, plan accordingly."

On 2022-08-03 12:59, Grant Taylor via mailop wrote:
> On 8/3/22 11:34 AM, Jarland Donnell via mailop wrote:
>> I mean, do you honestly want to admit publicly that you don't
>> understand why it's a good security practice to disable insecure SSL
>> protocols and ciphers? I shouldn't even have to point to that, you
>> should have to already know that to be given root to anything.
>
> First, I didn't admit that I don't understand why it's a good security
> practice to disable insecure SSL protocols and ciphers. I very well
> understand why insecure SSL protocols and ciphers should be abandoned.
>
> Second, I'm okay admitting things. I've found that admitting my
> faults garners others' trust in my statements when something is not the
> case.
>
> Third, I asked for clarification about or pointers supporting your
> "well respected security practice to consider plain text to be more
> secure than insecure SSL" statement.
>
> Specifically "plain text to be more secure than insecure SSL".
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop