Slashdot Mirror


What's Holding Back Encryption?

nine-times writes "After many years in IT, I've been surprised to notice how much of my traffic is still unencrypted. A lot of businesses that I interact with (both business and personal) are still using unencrypted FTP, and very few people use any kind of encryption for email. Most websites are still using unencrypted HTTP. DNSSEC seems to be picking up some steam, but still doesn't seem to be widely used. I would have thought there would be a concerted effort to move toward encryption for the sake of security, but it doesn't seem to be happening. I wanted to ask the Slashdot community, what do you think the hold up is? Are the existing protocols somehow not good enough? Are the protocols fine, but not supported well enough in software? Is it too complicated to manage the various encryption protocols and keys? Is it ignorance or apathy on the part of the IT community, and that we've failed to demand it from our vendors?"

2 of 660 comments (clear)

  1. Why? by FlyByPC · · Score: 4, Funny

    For most of the Web surfing that I do, full https encryption simply isn't needed. Why do I need encryption (which adds another quite significant protocol layer) to surf Slashdot or CNN or xkcd?

    OK, granted, I probably should use encryption or TOR for that last one or the 'raptors will catch on. But other than that... why?

    --
    Paleotechnologist and connoisseur of pretty shiny things.
  2. Re:Self-signed is no good. by R2.0 · · Score: 5, Funny

    "With a 15 Mbit residential connection and a 2Ghz processor, I find it hard to believe that the performance drop will matter...to me.

    To the server, maybe.

    Oh, and what's wrong with a self-signed cert? The data is still encrypted, isn't it? "

    You flew in a private jet to Congressional hearings, didn't you?

    --
    "As God is my witness, I thought turkeys could fly." A. Carlson