[182481] in North American Network Operators' Group

Re: SEC webpages inaccessible due to Firefox blocking servers with

daemon@ATHENA.MIT.EDU (Niels Bakker)
Fri Jul 17 16:30:32 2015

X-Original-To: nanog@nanog.org
Date: Fri, 17 Jul 2015 22:30:27 +0200
From: Niels Bakker <niels=nanog@bakker.net>
To: nanog@nanog.org
Mail-Followup-To: nanog@nanog.org
In-Reply-To: <SN1PR08MB143891B4F33E79ACC987B51D83980@SN1PR08MB1438.namprd08.prod.outlook.com>
Errors-To: nanog-bounces@nanog.org

* michael.holstein@csuohio.edu (Michael O Holstein) [Fri 17 Jul 2015, 21:14 CEST]:
>>making 99% of the web secure is better than keeping an old 1% working
>A fine idea, unless for $reason your application is among the 1% .. 
>nevermind the arrogance of the "I'm sorry Dave" sort of attitude.

Why do you upgrade your management systems asynchronously to your 
applications?  You bring this on yourself.


>As an example .. we have a vendor who, in the current release (last 
>3 months) still requires "weak" ciphers in authentication responses.
>That was mostly okay until another vendor (with more sense) wanted 
>to auth the same way but only permitted strong ciphers.

Why do you access mission-critical systems that are provably insecure 
from systems that also have internet access?

If it's not mission-critical, then you should explain why you haven't 
dumped that vendor yet for shipping insecure software - an insecurity 
that is very easy to mitigate by them, should they have chosen to.


	-- Niels.
