Comment by shavetheyaks on 16/01/2025 at 08:58 UTC

3 upvotes, 2 direct replies (showing 2)

View submission: Why encrypt

It's probably mostly that TLS is very mature with multiple open source libraries, has bindings in most modern languages, and has a wider range of capabilities than something that's just an auth protocol. It can verify identities in both directions, supports compression, session resumption, there's certificate infrastructure in place already, and everyone's familiar with it.

Also, sometimes encryption is required. Could be communicating through censorship/surveillance, or just as simple as something you don't necessarily need everyone else to see.

In a world where everything is unencrypted by default, encrypted traffic sticks out. Even if the contents can't be eavesdropped, it can be known that one particular conversation between two parties was important enough to hide - and that might be enough to cause damage. But if everything is encrypted...

And encryption doesn't get in the way of information exchange (since eavesdropping is not the way polite society exchanges information), so there's no harm to that goal.

Replies

Comment by CorrodingClear at 16/01/2025 at 15:13 UTC

2 upvotes, 1 direct replies

Being resistant to surveillance is one valuable point, but right now, I think the even bigger issue is protecting against malicious code being injected. ISPs started injecting ads into unencrypted web pages years ago, and now we have organized crime running ransomware and botnets who would happily inject things into unencrypted pages being browsed by less mature browsers. TOFU isn't a particularly strong protection, but every layer of the onion and all that.

Comment by tinspin at 16/01/2025 at 10:37 UTC*

-4 upvotes, 1 direct replies

So let me get this straight, you believe that only because you can, you should waste cycles encrypting data that is meant to be public.

That said, the perma-cookie + auth with key is interesting, but only works on your own machines. How would you use that to, say, "pay a bill at the library public computer"?