Jonkman Microblog

Conversation

Notices

  1. BjarniBjarniBjarni 🙊 🇮🇸 🍏 (herrabre@mastodon.xyz)'s status on Tuesday, 22-May-2018 14:44:13 EDT

    One of the paradoxes I struggle with in my work is the conflict between crypto and reliability.

    Crypto is important. But it is very binary in nature - either the stars align and you can decrypt, or it fails and there's no recovery. With that kind of binary, reliability suffers. This is inevitable.

    As an example, most of the Mastodon downtime I've experienced has been related to minor SSL certificate blunders.

    I feel like most of the #InfoSec community wilfully ignores this dynamic.

    1. Wolf480pl (wolf480pl@niu.moe)'s status on Tuesday, 22-May-2018 17:36:27 EDT
      @HerraBRE
      @rysiek
      One of the most important things I've learned about security during the last few years is that it consists of not just Confidentiality and Integrity, but also Availability. So a situation where you can't connect to a server, or decrypt a message, is still treated as a security failure. There's often (always?) a tradeoff between Availability and the other two components, but it's not true that security people don't care about Availability.

    2. BjarniBjarniBjarni 🙊 🇮🇸 🍏 (herrabre@mastodon.xyz)'s status on Tuesday, 22-May-2018 14:50:15 EDT
      I think it's really interesting to follow Dave Winer (inventor of RSS) on Twitter - he's very concerned about the current push towards HTTPS.

      He's afraid raising the security bar will make the web less open and less accessible. And he's right; adding technical requirements favours the entrenched big players with big budgets.

      Dave also fears for the historic web, in the (unlikely?) event that browser vendors actually deprecate HTTP.

      I don't agree with everything he says, but the POV has value.


Jonkman Microblog is a social network, courtesy of SOBAC Microcomputer Services. It runs on GNU social, version 1.2.0-beta5, available under the GNU Affero General Public License.

All Jonkman Microblog content and data are available under the Creative Commons Attribution 3.0 license.
