- From: Michaeljohn Clement <mj@mjclement.com>
- Date: Mon, 06 Apr 2009 17:00:49 -0600
- To: Daniel Stenberg <daniel@haxx.se>
- CC: HTTP Working Group <ietf-http-wg@w3.org>
Daniel Stenberg wrote: > On Mon, 6 Apr 2009, Adam Barth wrote: >> Here the situation is reversed. Diversity leads to increased security >> risk because mismatches in sniffing create cracks that attackers can >> exploit. > > No, that's the exact same situation as in biology. If there's a single > master race with no quirks, it will conquer them all. But if that master > has a flaw, everyone gets hit. Ah, the dangers of taking an analogy too far... In biology we usually talk about whether a species survives or not. The analogy fails because in browser security, having an exploitable hole in one browser is unacceptable. The goal isn't to throw a range of genetic diversity against a potential extinction event and hope that a few individuals make it alive out the other side; the goal is to provide a secure browsing experience for *all* users. -Michaeljohn
Received on Monday, 6 April 2009 23:01:29 UTC