On 1/11/2019 2:50 PM, Grant Taylor via NANOG wrote:
On 01/11/2019 12:32 PM, Rob McEwen wrote:
but if done right, fwiw,, wouldn't that be sent over SMTP using TLS encryption?

Oy vey.  in-flight vs at-rest encryption.  <facepalm>

which is why i said "fwiw", acknowledging upfront that TLS transmission encryption has a limited scope. I guess you missed that?  But I was specifically replying to a complaint about passwords being sent in plain text, and I was suggesting that TLS would solve that problem. At that point in the discussion, it wasn't a discussion about all things encryption. ("context" is very helpful - are you still facepalming?)


On 01/11/2019 12:32 PM, Rob McEwen wrote:
(but, then again, that ALSO requires a certificate!)
Let's Encrypt works perfectly fine for that too.  }:-)


Exactly! That was sort of my point too. The person creating that dumpsterfire list seemed to be trying to avoid having to install a security certificate, but having that security certificate solves other problems besides the website getting https, such as enabling TLS, too. That was my basic point, I was just trying to be less wordy.

-- 
Rob McEwen, invaluement