Comment by nomel

11 days ago

It literally is. I do not give a fuck if someone reads or fakes the wind speed from the sensor on my roof.

Yeah but you probably don't have that telnet server exposed to the internet. It's fine if it's all local, I have an unencrypted FTP server running on my Xbox but it would be insane to let that be accessible from the internet.

My point is that it's ok to use unencrypted plain text if you don't care if it's read ("it's nothing secret"), AND furthermore you don't care if it's modified.

If you don't care that it's read ("it's nothing secret"), but you do care that it's not modified, you should not use unencrypted plain text. That's why I explained that if you don't care if it's read that is not a sufficient justification to use unencrypted plain text, because then it might be modified, and you might care about that.

You then said that it "literally" is: if you don't care if it's read ("it's nothing secret") that is a sufficient justification to use unencrypted plain text.

But then you proceed to give an example where it is, indeed, ok to use unencrypted plain text, but only because you don't care if it's read ("it's nothing secret"), AND you don't care if it's modified. That is what I have been saying all along. If you were to care that the wind speed from the sensor on your roof is not faked, then you should not use unencrypted plain text.

So again: If you don't care that it's read, AND you don't care if it's modified, then, sure, use unencrypted plain text.

If you don't care that it's read ("it's nothing secret"), but you do care that it's not modified, that is not sufficient justification to use unencrypted plain text. Rather, in addition, you also have to not care if it's modified.

Let me give you an example. Air pressure varies, and airplanes use air pressure to measure altitude, so they need to set their altimeter to the correct air pressure. Now, the air pressure is not secret at all. Anyone could trivially measure it. So, one doesn't care if it's read ("it's nothing secret").

According to your faulty thinking, one could thus use unencrypted plain text to transmit it. However, someone could modify it, giving wrong numbers to the airplane, putting the airplane and the crew in danger. That is not good. No-one cares that the data is read ("it's nothing secret"), but we do care that it is not modified. Thus, do not use unencrypted plain text. Because if you don't care if it is read ("it's nothing secret"), that is not sufficient justification to use unencrypted plain text. You have to, in addition, not care if it is modified.

In your case, you don't care if it is read ("it's nothing secret"), AND you don't care if it is modified. But someone else might not care if it is read, but DO care if it is modified.

Do you understand this now, or should I make a full 2x2 matrix with all possibilities and carefully explain each case with examples?
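The "not secret, but must not be modified" case from the comment above, as an added example that is not part of the original comment: the reading stays readable to anyone on the wire, while a keyed MAC and a counter let the receiver reject modified or replayed values. The key, sensor name, counter field and message layout are all constructed for illustration.

```python
import hashlib
import hmac
import json

# Constructed demo key (assumption); a real deployment provisions a per-sensor secret.
KEY = b"constructed-demo-key-not-for-real-use"


def sign_reading(key: bytes, sensor: str, counter: int, value: float) -> dict:
    """Return a message whose body is readable by anyone but carries a MAC."""
    body = json.dumps({"sensor": sensor, "counter": counter, "value": value},
                      sort_keys=True, separators=(",", ":"))
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


def verify_reading(key: bytes, msg: dict, last_counter: int):
    """Return the parsed reading, or None if it was modified or replayed."""
    expected = hmac.new(key, msg["body"].encode(), hashlib.sha256).hexdigest()
    # Constant-time comparison so the check does not leak tag bytes via timing.
    if not hmac.compare_digest(expected, msg["tag"]):
        return None
    reading = json.loads(msg["body"])
    # A genuine but old message is rejected too, so stale values cannot be re-sent.
    if reading["counter"] <= last_counter:
        return None
    return reading


def demo() -> dict:
    msg = sign_reading(KEY, "qnh-station-1", 42, 1013.2)
    # Anyone on the wire can read the value: there is no confidentiality here.
    readable = json.loads(msg["body"])["value"]
    # A modified value keeps the old tag, which no longer matches the body.
    tampered = {"body": msg["body"].replace("1013.2", "1003.2"), "tag": msg["tag"]}
    return {
        "readable": readable,
        "genuine": verify_reading(KEY, msg, last_counter=41),
        "tampered": verify_reading(KEY, tampered, last_counter=41),
        "replayed": verify_reading(KEY, msg, last_counter=42),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```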