Re: AW: AW: AW: WebSocket API: close and error events from Glenn Maynard on 2011-10-25 (public-webapps@w3.org from October to December 2011)

From: Glenn Maynard <glenn@zewt.org>
Date: Tue, 25 Oct 2011 19:37:49 -0400
To: Ian Hickson <ian@hixie.ch>
Cc: Tobias Oberstein <tobias.oberstein@tavendo.de>, Simon Pieters <simonp@opera.com>, "public-webapps@w3.org" <public-webapps@w3.org>
Message-ID: <CABirCh_mwK9zqGB1gwsb7gSovPV-N9jrY7-fwtpqCCnY9yszvw@mail.gmail.com>

On Tue, Oct 25, 2011 at 6:32 PM, Ian Hickson <ian@hixie.ch> wrote:

> Sure, there are specific cases where one is easier than the other. There
> are also specific cases where it's easier to just send malware to the user
> than attempt a passive attack. That doesn't mean that we should just
> protect against malware and pretend that a passive attack is not a
> problem, just like we shouldn't pretend that active attacks are not a
> significant risk and thus should allow self-signed certs.
>

I didn't say any of these things.

I said encryption without a trusted signature is not useless.  Encryption is
always better than no encryption, whether or not you have a trusted
certificate.  Reducing the safe, undetectable, easily-scalable passive
attacks is a significant win.

(That doesn't mean the behavior in this particular case is wrong.  Adam is
almost certainly right: regular users have enough trouble with top-level
certificates, and the subresource complication on top of that is probably
too much.  But please, stop equating unsigned crypto to cleartext.)

-- 
Glenn Maynard

Received on Tuesday, 25 October 2011 23:38:16 UTC