[CentOS] Apache/PHP Installation - opinions

Wed Apr 27 15:57:19 UTC 2016
m.roth at 5-cent.us <m.roth at 5-cent.us>

Valeri Galtsev wrote:
> On Wed, April 27, 2016 10:29 am, m.roth at 5-cent.us wrote:
>> Alice Wonder wrote:
>>> On 04/27/2016 01:21 AM, Brandon Vincent wrote:
>>>> On Wed, Apr 27, 2016 at 1:10 AM, Rob Kampen
>>>> <rkampen at kampensonline.com>
>> wrote:
>>>>> Sounds good, but how many domain MX servers have set up these
>>>>> fingerprint keys - 1%, maybe 2%, so how do you code for that? I guess
>> I'm thinking
>>>>> it uses it if available. So even if you do post it on your DNS, how
>>>>> many clients out there are using DANE on their set up? By the time it
>>>>> becomes more than a tiny % and generally useful, it will be in
CentOS 8.
>>>>> It also requires certificates to be implemented more ubiquitously than
>>>>> at  present - although we do now have affordable solutions, so this
>>>>> one may resolve more quickly.
>>>>
>>> Security and Privacy on the Internet are both severely broken.
>>>
>>> If you read the white papers from when the Internet was first being
>>> designed, security was rarely even mentioned.
<snip>
>> Just as a point of information, when those RFCs were written, the
>> Internet was *only* for US gov't, and selected research and educational
>> organizations, and NO ONE else. The open 'Net only came in in the
>> nineties - so security wasn't broken and insecure, back then there was
physical
>> security and careful selection as to who was allowed on, at all.
>
> That is true, they had in mind resilience of communication net to portions
> of it brought down (implying some nasty thing like nuclear exchange). Real
> security though is not in restriction of those who can access something
> (like government only). Security experts often say: if a secret in known
> to two people it likely is not a secret anymore ;-(

Yup, which drives some governments and companies *nuts*... but the
original specs included the idea that "if you can find ANY way for your
packets to get through, even if three-quarters of all the computers
between me and you are now radioactive dust, you will get those packets
through".

     mark