- From: Adrien W. de Croy <adrien@qbik.com>
- Date: Wed, 28 Mar 2012 08:29:46 +0000
- To: "Henry Story" <henry.story@bblfish.net>, "Willy Tarreau" <w@1wt.eu>
- Cc: "Martin Thomson" <martin.thomson@gmail.com>, "HTTP Working Group" <ietf-http-wg@w3.org>
------ Original Message ------ From: "Henry Story" <henry.story@bblfish.net> > >So your argument is stronger, since you argue that a lot of computers are malware >infested. Of course there the thing to do is for banks to add other methods of >verification or notification, > you're right on this count. One of my banks used to rely just on SSL/TLS. Now I have to carry a watch-word around... in fact 3 of them for my 3 banks. Are you suggesting websites should all start issuing physical security devices so that people can enjoy their site with REAL security or are you happy with the illusion. Maybe a better metaphor would have been the Matrix. We're not looking for blue pills here. >> >> >>We'll just lower the overall security by applying the same security >>enforcement to all sites. Connecting to your bank or to you WiFi >>router's admin page will look equally safe. >> > > >Ah it is the "look" of security that is worrying you? Going to a bank should >"look" more secure that your router's admin page? But your router admin page >should be just as secure as the bank if possible, since that is another vector >of attack. > he meant the opposite. We're not interested in something masquerading as security. If we're going to place the cost on the world, it needs to provide actual security. >> >>I don't think this is the >>intent of this move, really. >> >>Willy >> >> > > >Social Web Architect >http://bblfish.net/ > > > >
Received on Wednesday, 28 March 2012 08:30:20 UTC