On 01/11/2019 12:32 PM, Rob McEwen wrote:
but if done right, fwiw,, wouldn't that be sent over SMTP using TLS encryption?
Oy vey. in-flight vs at-rest encryption. <facepalm>
which is why i said "fwiw", acknowledging upfront that TLS
transmission encryption has a limited scope. I guess you missed
that? But I was specifically replying to a complaint about
passwords being sent in plain text, and I was suggesting that TLS
would solve that problem. At that point in the discussion, it
wasn't a discussion about all things encryption. ("context" is
very helpful - are you still facepalming?)
On 01/11/2019 12:32 PM, Rob McEwen wrote:(but, then again, that ALSO requires a certificate!)Let's Encrypt works perfectly fine for that too. }:-)
Exactly! That was sort of my point too. The person creating that
dumpsterfire list seemed to be trying to avoid having to install a
security certificate, but having that security certificate solves
other problems besides the website getting https, such as enabling
TLS, too. That was my basic point, I was just trying to be less
wordy.
-- Rob McEwen, invaluement