
Re: The TLS hammer and resource integrity

From: Poul-Henning Kamp <phk@phk.freebsd.dk>
Date: Wed, 28 Mar 2012 08:15:29 +0000
To: Willy Tarreau <w@1wt.eu>
cc: Henry Story <henry.story@bblfish.net>, Martin Thomson <martin.thomson@gmail.com>, HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <28026.1332922529@critter.freebsd.dk>
In message <20120328064015.GF17071@1wt.eu>, Willy Tarreau writes:

>We'll just lower the overall security by applying the same security
>enforcement to all sites. Connecting to your bank or to your WiFi
>router's admin page will look equally safe. I don't think this is the
>intent of this move, really.

A very good observation: If you don't make people able to distinguish
between high-value targets to protect and junk which they don't
care about, you've just made the banks' and users' security problems
much bigger.

-- 
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.
Received on Wednesday, 28 March 2012 08:16:02 GMT
