[ale] [EXTERNAL] Re: Rant: internet for the stupid

Allen Beddingfield allen at ua.edu
Thu Jun 3 15:14:58 EDT 2021


http needs a revisit.
The current situation is that it serves two purposes.
1.  Verify the identity of the remote system
2.  Prevent transfer of clear text data

We need something in between, where the only concern is #2.  Yes, I know that self-signed certs can work, but there is the browser warning, which they seem to make progressively more annoying.
Use case example:  Dell iDRAC interface.  Managing real certs on hundreds of them is a pain - especially now that 3-year certs aren't a thing.  Self-signed certs accomplish the task, but the browser still complains.
Sure, you can self-sign something and import it on the workstations, but that still requires managing it.  I'm talking about a "just works" solution solely for ensuring data is not passed in the clear.  (the equivalent of a self-signed cert without browser complaints that it is self-signed).
Allen B.

--
Allen Beddingfield
Systems Engineer
Office of Information Technology
The University of Alabama
Office 205-348-2251
allen at ua.edu


________________________________________
From: Ale <ale-bounces at ale.org> on behalf of DJ-Pfulio via Ale <ale at ale.org>
Sent: Thursday, June 3, 2021 2:06 PM
To: ale at ale.org
Cc: DJ-Pfulio
Subject: [EXTERNAL] Re: [ale] Rant: internet for the stupid

And you still can, but don't expect to hold other project teams to your desires.
Plain FTP can still be used and so can HTTP, if we like.
Heck, we can still use rcp if we like too. It is there and available, ready for use.  The ~/.netrc file still works too as does the ~/.rhosts file.

Inside my home LAN, I have little use for HTTPS, but I still use it to avoid problems from most browsers and addons that really want HTTPS to be used always.  If I really want to use HTTP, there is dillo, a minimal browser that doesn't validate any HTTPS certs, nor support javascript.

The world has changed.  Network protocols didn't need to be too secure in 1990. Non-secure protocols that are typically used over the internet need to be non-default. Think of the kids.

On 6/3/21 12:52 PM, Boris Borisov via Ale wrote:
> As far I agree with protocol not being secured I still want to make
> my own decisions what to use and what not.
>
> On Thu, Jun 3, 2021, 12:31 Chris Fowler via Ale <ale at ale.org> wrote:
>
> ------------------------------------------------------------------------
> *From:* Ale <ale-bounces at ale.org> on behalf of DJ-Pfulio via Ale <ale at ale.org>
> *Sent:* Thursday, June 3, 2021 10:48 AM
> *To:* ale at ale.org
> *Cc:* DJ-Pfulio <DJPfulio at jdpfu.com>
> *Subject:* Re: [ale] [EXTERNAL] Rant: internet for the stupid
>
> I'm anti-plain FTP.  Think it should have been killed off in 2002.
> Very unfriendly towards firewalls. Next to zero security. Worse if
> people are using non-anonymous logins.
>
> I agree 100%.  Almost no security and I am not crazy about its use of
> two ports.   I guess a relic of the time it was invented.
>