- From: Poul-Henning Kamp <phk@phk.freebsd.dk>
- Date: Wed, 20 Nov 2013 01:35:59 +0000
- To: Roberto Peon <grmocg@gmail.com>
- cc: Mark Nottingham <mnot@mnot.net>, James M Snell <jasnell@gmail.com>, "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
In message <CAP+FsNdj-Ng02OA8CKT11fiVBp-zYwdYH9v+-ZZ+eCLMyX3w8g@mail.gmail.com> , Roberto Peon writes: >Being able to run a handshake in parallel with whatever else can only >happen when one doesn't need or want the integrity handshake, which is >necessary for detecting a malicious filtering MITM (and yes one can never >*prevent* such, but detection is quite important). My impression of the average site needing protection is that they send me 100k of graphics to wrap around the two protected entry fields for "username" and "password". I dont get the impression that they're particularly worried about the integrity of the stock-photo of some smiling model or for that matter the company logo or... -- Poul-Henning Kamp | UNIX since Zilog Zeus 3.20 phk@FreeBSD.ORG | TCP/IP since RFC 956 FreeBSD committer | BSD since 4.3-tahoe Never attribute to malice what can adequately be explained by incompetence.
Received on Wednesday, 20 November 2013 01:36:22 UTC