Wilfried Woeber, UniVie/ACOnet wrote:
And we would have to invent just another flag to undo the hiding. This cannot be kept secret for long, so what? (Not doing that would actually require "everyone" to keep a *local* copy of the hash on backup for inclusion in the next update. That's asking for chaos :-( )
No flags. Just hide at all. Or move it to another object and hide whole object (as I proposed a time ago).
While I don't have any objection against implementing TLS/SSL/whatever *if it adds value*, this is not going to make too big a difference: We are dealing here with a public database, and in case you need 2 parties to provide credentials (and both NOT using asy-crypto) then at least 1 party still has to disclose the password/passphrase to the other.
Transport security won't help, really.
Transport security helps to fight with cool people with sniffers. It is a big deal, I think. And it helps just right now, without any changes in DB. Implementing it improves security and doesn't touch current working schema. -- WBR, Max Tulyev (MT6561-RIPE, 2:463/253@FIDO)