W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2013

Re: New Version Notification for draft-snell-httpbis-keynego-01.txt

From: Poul-Henning Kamp <phk@phk.freebsd.dk>
Date: Wed, 20 Nov 2013 01:35:59 +0000
To: Roberto Peon <grmocg@gmail.com>
cc: Mark Nottingham <mnot@mnot.net>, James M Snell <jasnell@gmail.com>, "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
Message-ID: <41459.1384911359@critter.freebsd.dk>
In message <CAP+FsNdj-Ng02OA8CKT11fiVBp-zYwdYH9v+-ZZ+eCLMyX3w8g@mail.gmail.com>
, Roberto Peon writes:

>Being able to run a handshake in parallel with whatever else can only
>happen when one doesn't need or want the integrity handshake, which is
>necessary for detecting a malicious filtering MITM (and yes one can never
>*prevent* such, but detection is quite important).

My impression of the average site needing protection is that they
send me 100k of graphics to wrap around the two protected entry
fields for "username" and "password".

I dont get the impression that they're particularly worried about
the integrity of the stock-photo of some smiling model or for
that matter the company logo or...

-- 
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.
Received on Wednesday, 20 November 2013 01:36:22 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:11:19 UTC