[Interest] Interest Digest, Vol 96, Issue 17

Giuseppe D'Angelo giuseppe.dangelo at kdab.com
Mon Sep 16 15:15:41 CEST 2019


On 16/09/2019 14:44, Roland Hughes wrote:
> 
> On 9/16/19 5:00 AM, interest-request at qt-project.org wrote:
>> On 14/09/19 14:53, Roland Hughes wrote:
>>> Please keep in mind there is no version of SSL which is secure.
>> Do you have any reference/source for this (quite extraordinary) claim?
> 
> You know, for you it wouldn't matter. It would be a link and you are
> incapable of actually clicking then reading anything which doesn't
> support your opinion. 

So, personal insults right off the bat?


> There are numerous packages on the market which
> cut through SSL like a hot knife through butter.

Any link to ANY of those?


> "60 Minutes" did a
> piece on the best known and most financially successful one but some
> sources say there are around a dozen packages playing at the same level.
> Here's the link which was provided before and I'm sure you didn't bother
> to follow prior to responding.
> 
> https://www.cbsnews.com/news/interview-with-ceo-of-nso-group-spyware-maker-fighting-terror-khashoggi-murder-and-saudi-arabia-60-minutes-2019-08-18/

The link does not talk about breaking SSL. The link is about spyware for 
smartphones. SSL is actually never mentioned, not to mention of course 
breaking it.


I'll reinstate: where is the evidence supporting the claim that "there 
is no version of SSL which is secure"?

This is a super-strong claim on a mailing list read by Qt users, who are 
using SSL in their products, who are relying on Qt to do the right thing 
when it comes to security technologies (and Qt offers SSL-related 
facilities).



> 
>>> Please also keep in mind the big systems are moving towards a TCP/IP
>>> software appliance within the OS. No application will be able to create
>>> or open a port. No application will be able to choose/define the
>>> transport layer security. They will open a logical-resource-handle
>>> provided by the OS and the systems manager will configure if that
>>> resource is I, O, or I/O as well as what the transport level protocols
>>> are. Eventually (within 5 years of adoption) this will be forced out
>>> into the IoT and lesser devices world as well.
>> So long for the "backward compatibility is paramount" promise then.
> 
> That would only be for the hokey code which came from the *nix world.

And Windows.


> For the code which didn't come from a world that did it wrong it is 100%
> backwardly compatible because that is exactly how we did network
> communications. In other words all of the software developed _on_ those
> platforms and _for_ those platforms will be fine. What will be going
> away are the *nix TCP/IP library functions of C/C++ because they are a
> massive security nightmare. There was a time when marketing bowed to the
> pressure from companies which only wanted "free" software on their
> million plus dollar platform, but that has led to security catastrophe
> after security catastrophe. Now they are in the process of locking them
> back down and just letting people whine and snivel about *nix package not
> being available on the platform.

So we're talking about non-Unix, non-Windows, non-Apple platforms. I.e. 
roughly about 0% of the current market share of Qt. What are Qt users 
(the people who read this very mailing list) going to do with this 
useless information?

-- 
Giuseppe D'Angelo | giuseppe.dangelo at kdab.com | Senior Software Engineer
KDAB (France) S.A.S., a KDAB Group company
Tel. France +33 (0)4 90 84 08 53, http://www.kdab.com
KDAB - The Qt, C++ and OpenGL Experts
