***off list*** Jonathan,
I've been bringing these issues up over the years with the Plan 9 crowd. I think the real response is that the Plan 9 culture is all about collegial groups and not about what I call Rocinha, the wider world where bad things happen if you don't guard against them.
Wes Kussmaul Jonathan D. Proulx wrote:
On Sun, Dec 16, 2007 at 06:16:06PM -0500, erik quanstrom wrote: :i'm not a security expert. what case that i can't currently see :would tls solve for me that's worth the extra configuration. :what am i missing? It will prevent the username:password pair from being easily snpooped. Minimally this would compromise email, which as you say is inherantly insecure, but howmany of your users have the same username password pair for other things too (like the plan9 passowrd you wish to protect). It this seconday case that is more dangerous, you can blame the users for overloading their credentials and mixing "secure" and "insecure" usages, but they will blame you if their email password is also their bank passowrd. Atleast those are the things I worry about with my users... -Jon
-- Wes Kussmaul CIO The Village Group 738 Main Street Waltham, MA 02451 781-647-7178 The information contained in this electronic message and any attachments to this message are intended for the exclusive use of the addressee(s) and may contain confidential or privileged information. If you are not the intended recipient, please notify attorney Mort Hapless at Vulner, Exposed & Wideopen LLP immediately at either (781) 647-7178, or at [EMAIL PROTECTED], and destroy all copies of this message and any attachments. No, really. Really. Listen, we mean it! Hey, if you don’t stop reading that confidential stuff about our client you’re in big trouble. OK, we’re the ones in trouble but we’ll find a way to go after you, or at least we think we may be able to. Look, we’re begging you. Just click the delete button and move on to a message that concerns you, OK? Please?? We'll buy you lunch... Identity is the Foundation of Security™. Let Authentrus (authentrus.com) ensure that only intended recipients receive your confidential messages.
