Questions tagged [opportunistic-encryption]

Opportunistic encryption is optional encryption without a requirement of authentication, like STARTTLS in SMTP.

Opportunistic encryption is optional encryption without a requirement of authentication, like STARTTLS in SMTP. It is effective against passive attacks (passive tapping of the wire), but is not meant to prevent active ones.

3 questions

votes

2 answers

How can I enable opportunistic encryption for my web-site?

As per an honourable mention in an answer for « Why self-signed https is less trustworthy than unencrypted http? », it appears that there are already two post-Snowden drafts that have to do with the exact topic of opportunistic encryption of http…

asked Jun 30 '14 at 00:55

cnst

1,884
2
19
30

vote

1 answer

Is opportunistic encryption support optional for HTTP/2?

I'm a little unclear on the subject of opportunistic encryption of the HTTP:// address scheme in HTTP/2. According to the bug report, it looks like it's kinda optional, and an afterthought: https://github.com/http2/http2-spec/issues/315 There's also…

tls web-application web-browser webserver opportunistic-encryption

asked Jun 30 '14 at 16:10

cnst

1,884
2
19
30

votes

1 answer

Stolen Remote Desktop Protocol (RDP) credentials

I would like to know how to guard against RDP-renting services such as dedicateexpress.com which rents out stolen corporate laptops credentials. Are there IDS for such events?

encryption rdp opportunistic-encryption

asked Jul 01 '16 at 13:04

BitsInForce