Clemens Lang wrote:
> I hope you’re not suggesting we keep the defaults insecure because there
> are some institutions out there that don’t support modern standards.
Sorry, but I am. The defaults need to work out there in the real world. If
legacy standards are still widespread, they need to be supported out of the
box, without having to jump through hoops. Users want to be able to connect
to their WPA* WiFi networks, view their HTTPS websites, etc. They do not
care whether those use the latest, most secure versions of the standard or
not. (In fact, most users do not even care that encryption is used at all,
they only use encryption at all because the other end forces them to, i.e.,
because the WiFi network requires it, or the website uses HTTP to HTTPS
redirection and/or HSTS, etc.)
Kevin Kofler
_______________________________________________
devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure
