Re: Apache/PHP Installation - opinions

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



Valeri Galtsev wrote:
> On Wed, April 27, 2016 10:29 am, m.roth@xxxxxxxxx wrote:
>> Alice Wonder wrote:
>>> On 04/27/2016 01:21 AM, Brandon Vincent wrote:
>>>> On Wed, Apr 27, 2016 at 1:10 AM, Rob Kampen
>>>> <rkampen@xxxxxxxxxxxxxxxxx>
>> wrote:
>>>>> Sounds good, but how many domain MX servers have set up these
>>>>> fingerprint keys - 1%, maybe 2%, so how do you code for that? I guess
>> I'm thinking
>>>>> it uses it if available. So even if you do post it on your DNS, how
>>>>> many clients out there are using DANE on their set up? By the time it
>>>>> becomes more than a tiny % and generally useful, it will be in
CentOS 8.
>>>>> It also requires certificates to be implemented more ubiquitously than
>>>>> at  present - although we do now have affordable solutions, so this
>>>>> one may resolve more quickly.
>>>>
>>> Security and Privacy on the Internet are both severely broken.
>>>
>>> If you read the white papers from when the Internet was first being
>>> designed, security was rarely even mentioned.
<snip>
>> Just as a point of information, when those RFCs were written, the
>> Internet was *only* for US gov't, and selected research and educational
>> organizations, and NO ONE else. The open 'Net only came in in the
>> nineties - so security wasn't broken and insecure, back then there was
physical
>> security and careful selection as to who was allowed on, at all.
>
> That is true, they had in mind resilience of communication net to portions
> of it brought down (implying some nasty thing like nuclear exchange). Real
> security though is not in restriction of those who can access something
> (like government only). Security experts often say: if a secret in known
> to two people it likely is not a secret anymore ;-(

Yup, which drives some governments and companies *nuts*... but the
original specs included the idea that "if you can find ANY way for your
packets to get through, even if three-quarters of all the computers
between me and you are now radioactive dust, you will get those packets
through".

     mark

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos



[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux