The praise of GnuPG @31C3

Robert J. Hansen rjh at sixdemonbag.org
Thu Jan 1 03:40:01 CET 2015


> If anyone has a reference ...

Not a reference, but some history —

Microsoft’s point-to-point tunneling protocol version 1.0 was a miserable failure.  Version 2.0 closed up many of those holes and was widely regarded as secure, except for a configuration option which was on by default: “Enable backwards compatibility.”  So to exploit a PPTP 2.0 connection, you just had to connect and give it a 1.0 handshake, at which point it would fall back into an insecure mode.

The protocol was secure: you just had to configure it correctly.  The server was correctly implemented.  It’s just that it was shipped in a completely broken state, most system administrators didn’t know it and/or didn’t check it, and as a result it was pretty much useless.

A secure protocol must be used correctly in order to provide communications security.  Too often people completely lose sight of that and don’t even introduce it into their discussions.  So — discuss.  If you use ssh and trust it, how do you know that you’re using it correctly?  How do you know the people who connect to your system are?  Etc.
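One way to start answering the ssh question above is to check a server's effective configuration for fallback paths of the kind the PPTP story describes. This is an added example, not part of the original post: it reads text in the `sshd -T` format, and the `audit_sshd` name, the legacy-algorithm lists and the two sample configurations are assumptions constructed for illustration.

```python
"""Added example: flag backwards-compatibility fallbacks in an sshd config."""

# Settings that keep legacy negotiation paths open. These lists are this
# example's assumption of "legacy", not a complete or authoritative policy.
LEGACY = {
    "kexalgorithms": {"diffie-hellman-group1-sha1"},
    "ciphers": {"3des-cbc", "arcfour", "arcfour128", "arcfour256"},
    "macs": {"hmac-md5", "hmac-md5-96"},
}


def audit_sshd(effective_config):
    """Return findings for text in the `sshd -T` format (key, then value)."""
    findings = []
    for raw in effective_config.splitlines():
        parts = raw.strip().split(None, 1)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue  # blank line, comment, or a key without a value
        key = parts[0].lower()
        items = {v.strip().lower() for v in parts[1].split(",") if v.strip()}
        # Older OpenSSH releases accepted "Protocol 2,1", the direct analogue
        # of the "enable backwards compatibility" switch in the post.
        if key == "protocol" and "1" in items:
            findings.append("protocol: SSH protocol 1 fallback is enabled")
        for name in sorted(items & LEGACY.get(key, set())):
            findings.append(f"{key}: legacy algorithm {name} is still offered")
    return findings


# Constructed sample inputs, not taken from any real host.
FALLBACK_ON = """\
protocol 2,1
ciphers aes256-ctr,3des-cbc
macs hmac-sha2-256,hmac-md5
kexalgorithms curve25519-sha256@libssh.org,diffie-hellman-group1-sha1
"""
FALLBACK_OFF = """\
protocol 2
ciphers aes256-ctr
macs hmac-sha2-256
kexalgorithms curve25519-sha256@libssh.org
"""

if __name__ == "__main__":
    for label, cfg in (("fallback on", FALLBACK_ON), ("fallback off", FALLBACK_OFF)):
        print(label, audit_sshd(cfg) or "no legacy fallback found")
```

An empty result only means none of the listed fallbacks were found; it does not show that clients connecting to the server are configured correctly.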
