--------
In message <[email protected]>, TJ Varghese writes:
>I'm curious as to your take on electronic banking.

Good security is not "all or nothing", it is a carefully calibrated application of security measures to the problem at hand.

By forcing all web-traffic onto HTTPS, the rabid IT-liberalist has put governments in a position where they either have to break HTTPS traffic open or give up on having a working criminal justice system. Anybody with a daughter knows what that dice will roll.

If you've ever read Clausewitz, you will recognize this strategy as really stupid: *Never* put your enemy in a position where their only option is to defeat you.

Various governments are going about this in different ways, some force a trojan root-cert on all their citizens, others pass laws where you can be jailed indefinitely until you hand over your passwords, others again try to force the IT-industry to "ensure legal access".

Unfortunately this happens with little or no intelligent and cooperative input from the IT-community, who seem hell-bent on their "all or nothing" strategy.

I personally preferred it back when HTTPS was tolerated by governments, because everybody could see that banking and e-commerce needed it, over the situation now, where HTTPS is so trojaned, that my webbank is no longer trustworthy via HTTPS.

-- 
Poul-Henning Kamp | UNIX since Zilog Zeus 3.20
[email protected] | TCP/IP since RFC 956
FreeBSD committer | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.
