YD> I think the site is tying to get people to push back on services that
YD> don't encrypt at the client, the same way ssh got implemented because
YD> people started to refuse to use telnet.

I was working at Caltech from 1999 - 2005, and gave a couple of talks
while I was there about switching to SSH. "People refusing to use telnet"
wasn't the problem we were having at the time. :^p  The IT staff, running
the servers, wanted to improve security, and had to drag clients kicking
and screaming (sometimes literally screaming; seldom literally kicking :^)
away from their familiar telnet clients, and convince them to use some
*whole other program* to log in, with no visible benefit to them whatsover.

Maybe it was different in other places, but I predict that if you want to
improve authentication protocols, the people you need to convince are the
people writing the servers and the clients, not the end users. Once it's
actually adopted somewhere, convincing users to use it will be important,
but I don't think end users are the first step.

Is there a list somewhere of sites and/or browsers who support CBcrypt today?

                                      -Josh (iril...@infersys.com)
_______________________________________________
Tech mailing list
Tech@lists.lopsa.org
https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech
This list provided by the League of Professional System Administrators
 http://lopsa.org/

Reply via email to