Re: [dev] suckless.org TLS / HTTPS support

From: hiro <23hiro_AT_gmail.com>
Date: Thu, 31 Aug 2017 20:54:35 +0200

this is not about just whether something has TLS support, this is
about giving the user choices. And the shitty TLS standard, TLS
implementations and browser interfaces are not giving people anything
remotely useful.
As I said before (and I'm repeating for everybody else, since your
dyslexia might drag them down, too), ciphers keep on changing, and
thus even if TLS 1.2 is older, the list of accepted cipher lists have
changed much more recently, and will keep on breaking things
regularly. For that http is a good fallback, especially when somebody
doesn't need your security snakeoil.

This is not your village council or democratic kindergarten parent's
advocate voting celebration. Suckless is not your crypto revolution,
all the software here should just be read completely if not already
trusted, it's small enough for that to be possible.

your arguments are the most braindead i've seen on suckless in years:
you must think that dwm sucks. I congratulate that, but i don't agree
it's because dwm doesn't deal with TLS.

> Offering HTTPS is a huge first step
No, it's mostly useless.

> But let's take another step and redirect HTTP to HTTPS. (Until it's time to finally turn of HTTP.)
Just fuck off.

Thought game: If ilf's mother lacks confidentiality, authenticity and
integrity, she also opens many opportunities for downgrade scenarios.
Does that make her evil?

Your logic is more hurtful than trying to swallow a whole thinkpad,
opened up 180 degrees.

On 8/31/17, ilf <ilf_AT_zeromail.org> wrote:
> Paul Menzel:
>> I understood it the way, that there might be programs not being able
>> to deal with TLS.
>
> The first version of SSL/TLS became a standard in 1999. TLS 1.2 is from
> 2008, over nine years ago: https://tools.ietf.org/html/rfc5246
>
> Any software that can't deal with TLS is IMHO broken - and sucks.
>
> Really, cleartext is evil for many reasons: it lacks confidentiality,
> authenticity and integrity - and it opens many opportunities for
> downgrade scenarios.
>
> The Snowden relevations have shown that the internet is under attack and
> technologists should actively work against that:
>
> Pervasive Monitoring Is an Attack
> https://tools.ietf.org/html/rfc7258
>
> Confidentiality in the Face of Pervasive Surveillance
> https://tools.ietf.org/html/rfc7624
>
> So please, let's try to move away from cleartext to encrypted
> connections. Offering HTTPS is a huge first step. But let's take another
> step and redirect HTTP to HTTPS. (Until it's time to finally turn of
> HTTP.)
>
> Thanks.
>
> --
> ilf
>
> Über 80 Millionen Deutsche benutzen keine Konsole. Klick dich nicht weg!
> -- Eine Initiative des Bundesamtes für Tastaturbenutzung
>
Received on Thu Aug 31 2017 - 20:54:35 CEST

This archive was generated by hypermail 2.3.0 : Thu Aug 31 2017 - 21:00:35 CEST