undefined | Better HN

0 pointstptacek6mo ago0 comments

PGP has very much had breaks, both in its authenticator and a full-on confidentiality break for the mail plugins, both traceable to the structure of the system itself, and that's before we get into the fundamental DOS flaw that killed the keyservers, which themselves are an antifeature. I don't think you can find a practicing cryptography engineer to stick up for PGP.

I don't like or trust OpenVPN. I'd sooner expose OpenSSH itself, which has really a pretty stunning security track record.

0 comments

Joel_Mckay6mo ago

The key concept is accountability, and if only 7 people have access to a host instance... the damage done by malicious or incompetent actors is kept small.

The biggest weakness in VPN is client-side cross-network leaks.

IPSec is simply a luxury if the LAN supports it, but also an administrative nightmare for >5k users. =3

j / k navigate · click thread line to collapse

0 comments

Joel_Mckay6mo ago

The key concept is accountability, and if only 7 people have access to a host instance... the damage done by malicious or incompetent actors is kept small.

The biggest weakness in VPN is client-side cross-network leaks.

IPSec is simply a luxury if the LAN supports it, but also an administrative nightmare for >5k users. =3

j / k navigate · click thread line to collapse