On Thu, Apr 29, 2004 at 12:02:44AM -0500, stephen@sprunk.org said:
Thus spake "Robert E. Seastrom" <rs@seastrom.com>
Most of us who are willing to opportunistically do STARTTLS are using self-signed certificates anyway. We do this for many reasons; chief among the reasons I do so are:
1) More encrypted traffic running around the Internet is a _good thing_
This is an oft-overlooked angle... If only sensitive information is encrypted, then the mere use of encryption makes one a target -- one buys a safe only if they have valuables to protect, right? However, if every home came with a safe, how would burglars figure out who to rob?
The feds clearly have the power to get through or around encryption suspected criminals are using: the FBI reports that there have been _zero_ cases nationwide over the past several years where the use of encryption has prevented them or other agencies from obtaining the evidence needed, even when "secure" tools like PGP, SSL, or IPsec are used.
<snip> That assumes the FBI can be trusted to be honest about cases where encryption successfully foiled their investigations. It is in their best interest, after all, to have everyone, criminals included, think encryption is not worth using (_especially_ if it is). :) OTOH, the average criminal is probably about as smart as the average user, which means the FBI wouldn't have to break the crypto, when they could just guess the criminal's passphrase/password with a minimum of effort ... (that said, I absolutely agree that more crypto everywhere, for both important and trivial traffic, is essential to reducing the "unusual" nature of such traffic. Crypto should be the default, not the exception.) </wishful thinking> -- Scott Francis | darkuncle(at)darkuncle(dot)net | 0x5537F527 Less and less is done until non-action is achieved when nothing is done, nothing is left undone. -- the Tao of Sysadmin