- From: Adam Barth <w3c@adambarth.com>
- Date: Mon, 22 Jun 2009 15:24:45 -0700
- To: Tyler Close <tyler.close@gmail.com>
- Cc: Ian Hickson <ian@hixie.ch>, Anne van Kesteren <annevk@opera.com>, Mark Nottingham <mnot@mnot.net>, public-webapps@w3.org
On Mon, Jun 22, 2009 at 3:09 PM, Tyler Close<tyler.close@gmail.com> wrote: >> Why do you assume my router has a private IP address? > > Because it does? I've used several networks that used several networks that used public IP addresses behind firewalls and that relied on connectivity security. If I recall correctly, the network at the computer science department at Stanford is configured this way and they use connectivity to control access to their printers. In any case, I don't think it's a robust assumption for the future of web security. What happens when IPv6 causes every toaster to have a public IP address? >> It seems fragile and magical to hang our hat on that for security. > > No more fragile and magical than a home router hanging its hat on > connectivity for security. Now we're going in circles. I've given you a number of use cases where connectivity security makes sense. You alternatively insist that (1) connectivity / IP-based authentication is a fragile/bad idea and (2) that you aren't insisting that! > That's not an accurate portrayal of my argument. Try again. Can you explain your argument in simple steps like the above? I clearly don't understand your position. Adam
Received on Monday, 22 June 2009 22:25:42 UTC