[GTALUG] NAT [was Re: Linux hardening question]
James Knott
james.knott at rogers.com
Mon Jul 3 09:15:23 EDT 2017
On 07/03/2017 08:56 AM, Russell wrote:
> It took a lot of highway deaths before car manufacturers were compelled to make seatbelts a standard from the factory. It took another generation and a lot of physical hacks, ie. no start till buckled up, to get people to use them.
>
> Its open to everyone to generate or use a keysigning authority.
Yep. I get mine from cacert.org. The problem is most people don't know
about them or bother with getting them. In large organizations,
directory servers can provide them. I worked at IBM Canada HQ, back in
the late '90s. One of the first things I had to do, when I started, was
get my email certificates. This was on Lotus Notes. Any LDAP server
should be able to support X.509 certificates, which makes them easier to
use. Otherwise, you have to manually exchange them, by sending signed
email.
> Perhaps that was the problem with Hillary Clintons use of a home network mailserver? That she signed her own keys privately but then did the governments work using them. This would clearly outside of government and even any reasonable business policy.
>
My understanding is that they were plain text email. If they had been
encrypted, then this wouldn't have been such a problem. Also, it was
the DNC's server, along with another Democrat one that was hacked, not
Hilary's. Regardless, she shouldn't have been using a personal server
for government business. But that pales in comparison with Trump's use
of Twitter.
More information about the talk
mailing list