I mean, do you honestly want to admit publicly that you don't understand why it's a good security practice to disable insecure SSL protocols and ciphers? I shouldn't even have to point to that, you should have to already know that to be given root to anything.

On 2022-08-03 12:03, Grant Taylor via mailop wrote:
On 8/3/22 9:46 AM, Jarland Donnell via mailop wrote:
It's a pretty big and well respected security practice to consider plain text to be more secure than insecure SSL for one reason: A plain text connection isn't logged or reported as a secure connection.

What‽‽‽

Please elaborate.  Please point to more documentation related to this
respected security practice.

Both being insecure, only one of the two involves your server negotiating and reporting to the third party that you are accepting it over a secure connection. Which is basically a lie. Plain isn't a lie, and that's worth something.

I don't see how considering "not the best security" as more secure
than "no security" is a lie in any way, shape, or form.

I feel like this is a case of anything less than perfect is not good
enough and thus a waste of time.  --  I often see such sentiments
causing people to abandon or give up on any form of security and
continuing without any security at all.

If you must divulge your SSN over the phone (for reasons) do you just
blurt it out at normal volume indifferent to who is around?  Or do you
walk to a secluded corner of the room and cup your hand around the
mouthpiece?  Even questionable security is better than no security in
many cases.



_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop