[josm-dev] JOSM server shut down for maintenance

[Dirk Stöcker]

On Sat, 20 Sep 2014, colliar wrote:

> Please, do not offer RC4 anymore, it is insecure.
> Better no security than broken one !

That's not true. Currently after Snowden we are finally in the phase to 
establish TLS usage. For now we need to get it working and accepted. 
Enforcing really good security comes later, but then it's a matter of 
plain software settings instead of totally new concepts.

A major fact that prevented all-day encryption are these security fanatics 
which come with their unpractical all-or-nothing approach.

A lot of admins and programmers and other people still have to learn a 
lot. Enforcing too much will result in "to hell with your encryption".

At work I currently have trouble with company wide firewall rules which 
freely allow HTTP, but block any self-signed certificate. So actually they 
block the higher security level due to misunderstood concepts. And that's 
only one example of the many troubles out there. Enforcing any of the 
latest standards usually is not the solution.

Ciao
-- 
http://www.dstoecker.eu/ (PGP key available)