W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2013

Re: How HTTP 2.0 mandatory security will actually reduce my personal security

From: Nicolas Mailhot <nicolas.mailhot@laposte.net>
Date: Fri, 15 Nov 2013 08:16:05 +0100
Message-ID: <6782ac89952bcbc3a127f037344c1b75.squirrel@arekh.dyndns.org>
To: "Roberto Peon" <grmocg@gmail.com>
Cc: "Nicolas Mailhot" <nicolas.mailhot@laposte.net>, "Bruce Perens" <bruce@perens.com>, "HTTP Working Group" <ietf-http-wg@w3.org>

Le Ven 15 novembre 2013 07:57, Roberto Peon a écrit :
> What is your threat model?

The threat model is
1. developer that makes information leak trough incompetence, laziness,
sloppiness or greed (cf all the info your average android app wants to
access)
2. attacker that does not need to penetrate target anymore can just
collect the leaked info at endpoints (see also: Snowden)
3. protocol that prevents anyone doing anything about it by default

-- 
Nicolas Mailhot
Received on Friday, 15 November 2013 07:16:33 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:11:19 UTC