W3C home > Mailing lists > Public > ietf-http-wg@w3.org > April to June 2009

Re: Questions about draft-abarth-mime-sniff-00

From: Daniel Stenberg <daniel@haxx.se>
Date: Tue, 7 Apr 2009 00:03:28 +0200 (CEST)
To: Adam Barth <w3c@adambarth.com>
cc: Adrien de Croy <adrien@qbik.com>, Lisa Dusseault <lisa.dusseault@messagingarchitects.com>, HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <alpine.DEB.2.00.0904070000150.11890@yvahk2.pbagnpgbe.fr> 
On Mon, 6 Apr 2009, Adam Barth wrote:

>> From a purely biological view, having no diversity leads to increased risk.
>
> Here the situation is reversed.  Diversity leads to increased security risk 
> because mismatches in sniffing create cracks that attackers can exploit.

No, that's the exact same situation as in biology. If there's a single master 
race with no quirks, it will conquer them all. But if that master has a flaw, 
everyone gets hit.

Alas, if the one and only method is found to have a flaw at a future date, 
*all* browsers will have that flaw (assuming all would manage to and want to 
adhere to the same spec). Letting everyone do it there own way of course make 
the risk of them all having the exact same flaw less likely.

-- 

  / daniel.haxx.se
Received on Monday, 6 April 2009 22:03:57 UTC

This archive was generated by hypermail 2.4.0 : Thursday, 2 February 2023 18:43:19 UTC