Nixpkgs: tcpcryptd should be enabled by default for security.

Created on 1 Sep 2016 · 3 Comments · Source: NixOS/nixpkgs

So, as part of the hardening process of NixOS, I think tcpcryptd should be enabled by default - it encrypts TCP connections if it's talking to another tcpcryptd-enabled server, otherwise it falls back to standard TCP connections.

All 3 comments

I think tcpcryptd is a fantastic idea in principle but I'm -1 on enable-by-default. IMHO daemons that rewrite network traffic to that extent should be opt-in (principle of least surprise).

On top of that I'm not convinced that exposing another daemon written in C to the Internet is a great idea :)

Can we close this? Seems to be majority-against.

I don't see this getting general support and it is easy enough to enable, with e.g. nixops especially for multiple machines.
