Bee Yarn Knee 🙊 🇮🇸 🍏
One of the paradoxes I struggle with in my work, is the conflict between crypto and reliability.
Crypto is important. But it is very binary in nature - either the stars align and you can decrypt, or it fails and there's no recovery. With that kind of binary, reliability suffers. This is inevitable.
As an example, most of the Mastodon downtime I've experienced has been related to minor SSL certificate blunders.
I feel like most of the #InfoSec community wilfully ignores this dynamic.
Bee Yarn Knee 🙊 🇮🇸 🍏
We've actually seen this dynamic before - in e-mail.
Because of spam, the weird technical hoops you had to jump through to run a mail server kept getting more and more insane.
And at the same time, people demand more and more functionality, fancy web interfaces, high availability.
Fast forwared to today: even big universities and governments with dedicated IT departments have given up and pointed their MX records at GMail.
Is the web headed the same way?
Wolf480pl
@HerraBRE
@rysiek
One of the most important things I've learned about security during last few years is that it consists of not just Confidentiality and Integrity, but also Availability. So a situation where you can't connect to a server, or decrypt a message, is still treated as a security failure. There's often (always?) a tradeoff between Availability and the other two components, but it's not true that security people don't care about Availability.
Chirp! is a social network. It runs on GNU social, version 2.0.1-beta0, available under the GNU Affero General Public License.
All Chirp! content and data are available under the Creative Commons Attribution 3.0 license.