W3C home > Mailing lists > Public > whatwg@whatwg.org > May 2010

[whatwg] meta="encrypt" tag is needed

From: Maciej Stachowiak <mjs@apple.com>
Date: Sat, 08 May 2010 02:31:03 -0700
Message-ID: <2AD5ED01-A437-4D47-A930-883FECD00759@apple.com>

On May 7, 2010, at 1:40 PM, Aryeh Gregor wrote:

>
> In fact, do you know of *any* examples of MITM attacks being
> successfully used against a public website?  It's not that I doubt
> that it's happened, but I don't actually know of any specific cases.
> In principle, you should be able to harvest lots of passwords by
> dropping some free wireless routers in strategic locations.
>
> (There's still an entirely different fatal problem with what you
> quoted, though: if you aren't worried about MITM, then encryption is
> pointless to begin with.  I don't dispute your conclusion.  :) )

"Pharming" is effectively a man-in-the-middle, and in particular would  
be 100% effective at defeating the proposed security feature. It is  
extremely common, to the point that it is considered one of the major  
security risks on the Web.

http://en.wikipedia.org/wiki/Pharming

Regards,
Maciej
Received on Saturday, 8 May 2010 02:31:03 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 16:59:23 UTC