W3C home > Mailing lists > Public > ietf-http-wg@w3.org > April to June 2009

Re: Questions about draft-abarth-mime-sniff-00

From: Michaeljohn Clement <mj@mjclement.com>
Date: Mon, 06 Apr 2009 17:00:49 -0600
Message-ID: <49DA89A1.8070600@mjclement.com>
To: Daniel Stenberg <daniel@haxx.se>
CC: HTTP Working Group <ietf-http-wg@w3.org>
Daniel Stenberg wrote:
> On Mon, 6 Apr 2009, Adam Barth wrote:
>> Here the situation is reversed.  Diversity leads to increased security
>> risk because mismatches in sniffing create cracks that attackers can
>> exploit.
> 
> No, that's the exact same situation as in biology. If there's a single
> master race with no quirks, it will conquer them all. But if that master
> has a flaw, everyone gets hit.

Ah, the dangers of taking an analogy too far...

In biology we usually talk about whether a species survives or not.  
The analogy fails because in browser security, having an exploitable 
hole in one browser is unacceptable.  The goal isn't to throw a range 
of genetic diversity against a potential extinction event and hope that 
a few individuals make it alive out the other side; the goal is to 
provide a secure browsing experience for *all* users.

-Michaeljohn
Received on Monday, 6 April 2009 23:01:29 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:51:02 GMT