On May 14, 2019, at 3:20 AM, Stewart Bryant <stewart.bryant@xxxxxxxxx> wrote:
While it is true that what is in the tunnel is in principle a private matter, in practice it’s mostly standard protocols that are used in these connections, because it’s better than reinventing the wheel, and there are better tools for debugging. Of course in specialized cases we will see different behavior, but in general there’s an HTTPS connection, or something like that. So in fact this use case does benefit from well-designed standards; indeed, when we see embarrassing security failures in apps, they almost always have to do with some failure or other of the app vendor to use available security mechanisms which were part of the ecosystem, but which they didn’t understand well enough to use correctly. But setting that aside for a moment, the fact is that we can only do what we can do. It’s true that there are some things that an SDO can’t reach. And yet there are many things we can. So figuring out how to do those well is still worthwhile. |
