- From: Florian Weimer <fw@deneb.enyo.de>
- Date: Tue, 13 Mar 2007 10:19:48 +0100
- To: Jörg Schwenk <joerg.schwenk@rub.de>
- Cc: "'James A. Donald'" <jamesd@echeque.com>, "'Chris Drake'" <christopher@pobox.com>, <public-usable-authentication@w3.org>
* Jörg Schwenk: > - THE real problem today is mitm with Trojan horses: they have access to > nearly any information available to the browser. A secure mode (where all > plugins are disabled when SSL is enabled) would be needed. And this wouldn't work reliably either because malware isn't restricted to the official browser APIs. There is no easy solution, especially if you are a player with a high market penetration. The best approach today is to avoid creating the impression that the whole mess is your problem. The ISPs are very successful at that, but it looks like browser vendors are losing it.
Received on Wednesday, 14 March 2007 20:33:32 UTC