Re: Question about DNS naming conventions

[William Herrin <bill () herrin us>]

On Wed, Feb 12, 2025 at 7:53 PM Jack Bates <jbates () paradoxnetworks net> wrote:
> Most users don't have any idea and would allow an attacker to compromise
> their bank connection if given the choice. The defaults are designed to
> protect the majority?

I see no issue with the server user deciding that it won't converse
with a client user beneath some level of cryptographic quality. The
server operator has a reasonable idea how sensitive his information
is. My bank shouldn't agree to talk to me with TLSv1.0.

Same with the client user. He has a reasonable idea how much care he
wants the data to be given.

My qualm arises when a third party without any knowledge of the data
denies one of the users the ability to meet the other at the other's
lower cryptographic standard. This is damage to availability in a
situation where a meaningful gain to confidentiality or integrity has
not been demonstrated and may be demonstrably false. Such as the
situations described upthread.

Regards,
Bill Herrin


-- 
William Herrin
bill () herrin us
https://bill.herrin.us/