On 8 October 2014 16:14, Chris Palmer <palmer@google.com> wrote: > It's a bit of a tangent, I agree. And I apologize for not making it > clear that I believe all of these questions are intertwined: > > * Why should we pay the cost of developing and deploying a security > mechanism if its guarantee is not strong enough to justify even a > 1-bit a user-visible promise? Keep in mind that resources spent > defeating purely passive attacks are resources that cannot be spent on > stronger mechanisms. > > * Why should users trust an origin that cannot make a promise? (With > their cameras and microphones?) > > * Why should we believe the cost differential between active and > passive attack is large? At this point, I'd request that the chair's truncate this tangent. What is surprising here, is that this is one of the last places I expected to see such a vehemently argued version of this argument. We'll take every opportunity, I guess, when someone is wrong on the Internet.Received on Thursday, 9 October 2014 00:19:49 UTC
This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 16:26:30 UTC