From: Wes Kussmaul <wes@authentrus.com>
To: Fans of the OS Plan 9 from Bell Labs <9fans@cse.psu.edu>
Subject: Re: [9fans] upas/smtpd password authentication
Date: Mon, 17 Dec 2007 14:40:34 -0500 [thread overview]
Message-ID: <4766D0B2.8030008@authentrus.com> (raw)
In-Reply-To: <20071217165431.GG603@csail.mit.edu>
***off list***
Jonathan,
I've been bringing these issues up over the years with the Plan 9 crowd.
I think the real response is that the Plan 9 culture is all about
collegial groups and not about what I call Rocinha, the wider world
where bad things happen if you don't guard against them.
Wes Kussmaul
Jonathan D. Proulx wrote:
> On Sun, Dec 16, 2007 at 06:16:06PM -0500, erik quanstrom wrote:
>
> :i'm not a security expert. what case that i can't currently see
> :would tls solve for me that's worth the extra configuration.
> :what am i missing?
>
> It will prevent the username:password pair from being easily
> snpooped. Minimally this would compromise email, which as you say is
> inherantly insecure, but howmany of your users have the same username
> password pair for other things too (like the plan9 passowrd you wish
> to protect).
>
> It this seconday case that is more dangerous, you can blame the users
> for overloading their credentials and mixing "secure" and "insecure"
> usages, but they will blame you if their email password is also their
> bank passowrd.
>
> Atleast those are the things I worry about with my users...
>
> -Jon
>
>
--
Wes Kussmaul
CIO
The Village Group
738 Main Street
Waltham, MA 02451
781-647-7178
The information contained in this electronic message and any attachments to this message are intended for the exclusive use of the addressee(s) and may contain confidential or privileged information. If you are not the intended recipient, please notify attorney Mort Hapless at Vulner, Exposed & Wideopen LLP immediately at either (781) 647-7178, or at ohoh@vulex.com, and destroy all copies of this message and any attachments. No, really. Really. Listen, we mean it! Hey, if you don’t stop reading that confidential stuff about our client you’re in big trouble. OK, we’re the ones in trouble but we’ll find a way to go after you, or at least we think we may be able to. Look, we’re begging you. Just click the delete button and move on to a message that concerns you, OK? Please?? We'll buy you lunch...
Identity is the Foundation of Security™. Let Authentrus (authentrus.com) ensure that only intended recipients receive your confidential messages.
next prev parent reply other threads:[~2007-12-17 19:40 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-12-15 0:09 erik quanstrom
2007-12-15 0:16 ` Steve Simon
2007-12-15 0:26 ` erik quanstrom
2007-12-16 18:02 ` Russ Cox
2007-12-16 23:16 ` erik quanstrom
2007-12-17 16:54 ` Jonathan D. Proulx
2007-12-17 17:26 ` erik quanstrom
2007-12-17 18:33 ` Jonathan D. Proulx
2007-12-17 19:40 ` Wes Kussmaul [this message]
2007-12-17 17:52 ` Russ Cox
2007-12-17 21:05 ` Lyndon Nerenberg
2007-12-17 21:08 ` Lyndon Nerenberg
2007-12-17 21:10 ` erik quanstrom
2007-12-17 23:12 ` Lyndon Nerenberg
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4766D0B2.8030008@authentrus.com \
--to=wes@authentrus.com \
--cc=9fans@cse.psu.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).