- From: Bill McQuillan <McQuilWP@pobox.com>
- Date: Mon, 6 Apr 2009 17:11:16 -0700
- To: IETF HTTP WG <ietf-http-wg@w3.org>
On Mon, 2009-04-06, Adrien de Croy wrote: > Michaeljohn Clement wrote: >> Daniel Stenberg wrote: >> >> Ah, the dangers of taking an analogy too far... >> >> In biology we usually talk about whether a species survives or not. >> The analogy fails because in browser security, having an exploitable >> hole in one browser is unacceptable. The goal isn't to throw a range >> of genetic diversity against a potential extinction event and hope that >> a few individuals make it alive out the other side; the goal is to >> provide a secure browsing experience for *all* users. >> > sure that's the goal. But what if you get the algorithm wrong? It's > still humans designing this right? If there is an exploit to the > algorithm, then potentially any browser that uses it is vulnerable. > It's difficult to foresee the future. It's also difficult to guarantee > that the algorithm will be bullet-proof forever and withstand any attack. > The potential down-side if all browsers are found to have a > vulnerability is difficult to estimate. It could be enormous. Not to worry. I am sure that before all browsers have upgraded to the standard, someone will come up with an "improved" algorithm (or think she has) and will implement that instead since it is "just an efficiency improvement" thus starting a fork that will quickly lead to a "new species". And she won't be the only one. -- Bill McQuillan <McQuilWP@pobox.com>
Received on Tuesday, 7 April 2009 00:24:18 UTC