this post was submitted on 29 Jan 2024
106 points (96.5% liked)
Technology
59287 readers
5186 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
This is the answer.
IP lacks security. It was discussed when it was being developed, and decided it required too much overhead at the time (um, yea, sure, right).
Bottom line: no reason today for every connection to not be encrypted. It's trivial for our pocket computers to do.
Edit: haha a bunch of downvoters. Show me any company that doesn't require a vpn/encrypted tunnel to connect to the company from outside? In the 90s, over dialup, SECUREID cards were used to validate a connection - it wasn't encrypted, but being a dialup it at least validated who you were.
Encrypted connections everywhere should be the default.
I think you're being down voted because IP and encryption serve very different purposes in different ways. Look into the OSI model, which is the standard for modern network connectivity. IP lives at layer 3, network. TCP lives at layer 4. Encryption, such as SSL, lives at layer 6. I'm not even really sure how the IP layer would even have security, short of a VPN, which itself breaks the mesh network model.
Also, the Internet and many of its standard protocols were created a very long time ago. TCP/IP was created in 1974. The "Internet" at that point was acoustic couplers and directly dialing your destination, typically a university or major research company.
I agree that all websites should be HTTPS these days. It's why Google has been pushing it (and punishing those that don't) since 2017. But it's built on ancient designs.