| ▲ | mystraline 4 hours ago | |
And thats a huge downside when people howl about "Encryption everywhere! ". Try debugging that shit. Thats right, debugging interfaces aren't safe, by some wellakshually security goon. You want a real fun one to debug, is a SAML login to a webapp, with internal Oauth passthrough between multiple servers. Sure, I can decrypt client-server stuff with tools, but server-server is damn near impossible. The tools that work break SSL, and invalidate validation of the ssl. Yes, Esri products suck. Bad. | ||
| ▲ | jabwd an hour ago | parent | next [-] | |
Sounds like blaming a tool on a problem it did not cause. Either way, solvable and encryption is important. Badly designed systems and or lack of tooling isn't really an encryption problem. Anyway, VMs should not have authentication, it makes access sooo much easier. Also drop your IPs while you're at it. Might be useful for debugging later. | ||
| ▲ | reincarnate0x14 2 hours ago | parent | prev | next [-] | |
I used to share that opinion but after decades in industrial automation I find myself coming down much more on the "yeah, encryption everywhere" because while many vendors do not provide good tools for debugging, that's really the problem, and we've been covering for them by being able to snoop the traffic. Having to MITM a connection to snoop it is annoying, but the alternative appears to be still using unencrypted protocols from the 1970s within the limitations of a 6502 to operate life-safety equipment. | ||
| ▲ | supern0va 3 hours ago | parent | prev [-] | |
It seems like a leap to suggest we shouldn't have widely deployed encryption...rather than just fix the debugging tools. Particularly in today's political climate, encryption has only become more necessary. | ||