On 1/11/2019 2:50 PM, Grant Taylor via NANOG wrote:
On 01/11/2019 12:32 PM, Rob McEwen wrote:
but if done right, fwiw,, wouldn't that be sent over SMTP using TLS encryption?
Oy vey. in-flight vs at-rest encryption. <facepalm>
which is why i said "fwiw", acknowledging upfront that TLS transmission encryption has a limited scope. I guess you missed that? But I was specifically replying to a complaint about passwords being sent in plain text, and I was suggesting that TLS would solve that problem. At that point in the discussion, it wasn't a discussion about all things encryption. ("context" is very helpful - are you still facepalming?)
On 01/11/2019 12:32 PM, Rob McEwen wrote:
(but, then again, that ALSO requires a certificate!) Let's Encrypt works perfectly fine for that too. }:-)
Exactly! That was sort of my point too. The person creating that dumpsterfire list seemed to be trying to avoid having to install a security certificate, but having that security certificate solves other problems besides the website getting https, such as enabling TLS, too. That was my basic point, I was just trying to be less wordy. -- Rob McEwen, invaluement