- From: Chris Palmer <palmer@google.com>
- Date: Wed, 8 Oct 2014 17:37:15 -0700
- To: Eric Rescorla <ekr@rtfm.com>
- Cc: Anne van Kesteren <annevk@annevk.nl>, Justin Uberti <juberti@google.com>, Stefan HÃ¥kansson LK <stefan.lk.hakansson@ericsson.com>, "public-media-capture@w3.org" <public-media-capture@w3.org>
On Wed, Oct 8, 2014 at 4:06 PM, Eric Rescorla <ekr@rtfm.com> wrote: > Yes, this is the difference between an active and a passive attack, which > is the context that you elided in your response here. See below and > note the asterisks which are intended to call your attention to the > word "passive". The crux of the issue is that the user cannot know that only passive attackers, and not active attackers, are in play against them. Therefore they must assume that active attackers are in play. And therefore that OE is insufficient as a defense.
Received on Thursday, 9 October 2014 00:37:42 UTC