• KillingTimeItself@lemmy.dbzer0.com
    link
    fedilink
    English
    arrow-up
    3
    arrow-down
    4
    ·
    6 months ago

    it depends on the application, if you’re just serving a static site, or talking on a public chatforum, yeah encryption is pointless.

    If you’re talking an SSH tunnel? Yeah no this is stupid.

    • frezik@midwest.social
      link
      fedilink
      arrow-up
      4
      ·
      edit-2
      6 months ago

      Encryption everywhere isn’t about the individual content. By making it ubiquitous, it’s harder for bad actors to separate the encrypted data they want from the one’s they don’t. If only special content is encrypted, then just the fact that it’s encrypted is a flag for them. It also makes it much harder to ban. It’s pretty much impossible to ban the algorithms in TLS at this point. Too much depends on it.

      • KillingTimeItself@lemmy.dbzer0.com
        link
        fedilink
        English
        arrow-up
        1
        ·
        6 months ago

        it’s a good thing the entirety of https traffic has encrypted headers than…

        Regardless, if it’s properly encrypted it doesn’t matter if they have it, and are able to confirm who it’s from, unless we’re talking about a governmental agency or an org with access to one of those mythical quantum computers. In which case it’s probably a significant portion of future security.

        • frezik@midwest.social
          link
          fedilink
          arrow-up
          1
          ·
          6 months ago

          TLS already has algorithms hardened against QC. The effects of QC against encryption are greatly exaggerated, anyway. The number of qubits that would be needed to break encryption may be too large to ever be feasible.

          Get IPv6 going and stuff like SNI becomes unnecessary.