- From: Poul-Henning Kamp <phk@phk.freebsd.dk>
- Date: Wed, 28 Mar 2012 08:15:29 +0000
- To: Willy Tarreau <w@1wt.eu>
- cc: Henry Story <henry.story@bblfish.net>, Martin Thomson <martin.thomson@gmail.com>, HTTP Working Group <ietf-http-wg@w3.org>
In message <20120328064015.GF17071@1wt.eu>, Willy Tarreau writes:
>We'll just lower the overall security by applying the same security
>enforcement to all sites. Connecting to your bank or to your WiFi
>router's admin page will look equally safe. I don't think this is the
>intent of this move, really.

A very good observation:

If you don't make people able to distinguish between high-value
targets to protect and junk which they don't care about, you've just
made the banks' and users' security problems much bigger.

--
Poul-Henning Kamp | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG | TCP/IP since RFC 956
FreeBSD committer | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.
Received on Wednesday, 28 March 2012 08:16:02 UTC