- From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
- Date: Thu, 14 Nov 2013 18:57:38 +0000
- To: Tao Effect <contact@taoeffect.com>
- CC: HTTP Working Group <ietf-http-wg@w3.org>
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 11/14/2013 06:07 PM, Tao Effect wrote: > 2. A false sense of security is _worse_ than knowing you aren't > secure. Protocols do not give any "sense of security" neither true nor false so attempting to argue from that basis is a fallacy IMO. If an example helps, some of the very earliest browsers used to generate session keys very badly - no matter how secure the protocol had been it'd have made no difference. And afaik there's no way to give a "sense of security" that'd capture that. The whole "false sense of security" argument is basically bogus in this context, it could perhaps be meaningful in a UI developer discussion, but not here, no matter how good it sounds. S. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (GNU/Linux) iQEcBAEBAgAGBQJShR0fAAoJEC88hzaAX42iZfoH/iXT+3wLrUsJoJyuDMBKJFU1 NrrAoiOmiEcv6Tmyg/eNfE61s5csXukldC9GzobGzfiYk4UD7IklmO+It0APZL0w /14TQpjekDExDZsSUFwtRBY6+aVsIIfihsJw0YUuiI5RVfTQ87Nm+VGqdUi5+zsz VTjZj2BW4dXN78jGGioJN8qeZ2oZ+53db9iinzowqKBF0FD0tCcoFkDOTxBP7Wbo +09JLAlWINYVll8XcZbJpRcs7uFRm56rlGhAY25aPsZRPOoFmCnYyM9nJJO6QXba 3AUlmo91gkIT0eemi1eDGGlbUNC1SblKDj02Ecmlnjhng1S0sTzlgTBH7J3DIyg= =T4O1 -----END PGP SIGNATURE-----
Received on Thursday, 14 November 2013 18:58:06 UTC