On 16/09/2019 14:44, Roland Hughes wrote:
On 9/16/19 5:00 AM, [email protected] wrote:Il 14/09/19 14:53, Roland Hughes ha scritto:Please keep in mind there is no version of SSL which is secure.Do you have any reference/source for this (quite extraordinary) claim?You know, for you it wouldn't matter. It would be a link and you are incapable of actually clicking then reading anything which doesn'tsupport your opinion.
So, personal insults right off the bat?
There are numerous packages on the market which cut through SSL like a hot knife through butter.
Any link to ANY of those?
"60 Minutes" did a piece on the best known and most financially successful one but some sources say there are around a dozen packages playing at the same level. Here's the link which was provided before and I'm sure you didn't bother to follow prior to responding. https://www.cbsnews.com/news/interview-with-ceo-of-nso-group-spyware-maker-fighting-terror-khashoggi-murder-and-saudi-arabia-60-minutes-2019-08-18/
The link does not talk about breaking SSL. The link is about spyware for smartphones. SSL is actually never mentioned, not to mention of course breaking it.
I'll reinstate: where is the evidence supporting the claim that "there is no version of SSL which is secure"?
This is a super-strong claim on a mailing list read by Qt users, who are using SSL in their products, who are relying on Qt to do the right thing when it comes to security technologies (and Qt offers SSL-related facilities).
Please also keep in mind the big systems are moving towards a TCP/IP software appliance within the OS. No application will be able to create or open a port. No application will be able to choose/define the transport layer security. They will open a logical-resource-handle provided by the OS and the systems manager will configure if that resource is I, O, or I/O as well as what the transport level protocols are. Eventually (within 5 years of adoption) this will be forced out into the IoT and lesser devices world as well.So long for the "backward compatibility is paramount" promise then.That would only be for the hokey code which came from the *nix world.
And Windows.
For the code which didn't come from a world that did it wrong it is 100% backwardly compatible because that is exactly how we did network communications. In other words all of the software developed _on_ those platforms and _for_ those platforms will be fine. What will be going away are the *nix TCP/IP library functions of C/C++ because they are a massive security nightmare. There was a time when marketing bowed to the pressure from companies which only wanted "free" software on their million plus dollar platform, but that has lead to security catastrophe after security catastrophe. Now they are in the process of locking them back down and just letting people whine an snivel about *nix package not being available on the platform.
So we're talking about non-Unix, non-Windows, non-Apple platforms. I.e. roughly about 0% of the current market share of Qt. What are Qt users (the people who read this very mailing list) going to do with this useless information?
-- Giuseppe D'Angelo | [email protected] | Senior Software Engineer KDAB (France) S.A.S., a KDAB Group company Tel. France +33 (0)4 90 84 08 53, http://www.kdab.com KDAB - The Qt, C++ and OpenGL Experts
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ Interest mailing list [email protected] https://lists.qt-project.org/listinfo/interest
