[whatwg] whatwg Digest, Vol 82, Issue 10

From: Aryeh Gregor <Simetrical+w3c@gmail.com>
Date: Thu, 6 Jan 2011 17:21:47 -0500
Message-ID: <AANLkTi=M6VtBxNozmFdeEk=Hvr3zpz+Kk7Re+tDXf5+0@mail.gmail.com>

On Wed, Jan 5, 2011 at 7:47 PM, Glenn Maynard <glenn at zewt.org> wrote:
> Javascript injection is a harder problem, for example: it isn't
> prevented by SSL, can persist without maintenance (unlike an MITM
> attack), can be introduced untraceably and without any special network
> access (you don't need to "get in the middle"), and so in practice are
> much more common than MITM attacks.

An XSS attack can still get the IP address, and thus usually rough
location, so most of what I said still holds.

> It's bothered me for a long time that browsers treat self-signed
> certificates as *less* secure than plaintext, which is nonsense.

Lots of people have written extensive explanations of why browsers do
this.  Here's one I submitted as a comment to lwn.net a while back,
maybe it will clear things up: http://lwn.net/Articles/413600/

> By the way, another real-world issue with SSL is that it's
> considerably more computationally expensive: handling encrypted
> requests takes much more CPU, especially for high-bandwidth servers.
> Not every service can afford to buy extra or more powerful servers to
> handle this.

Apparently this isn't a real issue anymore in practice.  CPUs are fast
enough that SSL is no big deal.  Google saw only a small load increase
when it turned on HTTPS by default for all Gmail users:
http://www.imperialviolet.org/2010/06/25/overclocking-ssl.html

On Thu, Jan 6, 2011 at 12:21 AM, Boris Zbarsky <bzbarsky at mit.edu> wrote:
> How do you revoke it?  Once someone knows where you are, they know it. You
> can't make them stop knowing it.

In the context of an attacker who has some particular notion of who
you are and wants to connect that to your location, yes.  But is this
likely to be a common threat?  It's all very well to consider worst
cases, but the default convenience/security tradeoff has to be
calculated according to the typical case, not the worst case.  Typical
users are the ones who determine market share, and if the web platform
refuses to add features that would benefit the typical user because
they would hurt atypical users, typical users will choose other
platforms.

The web platform is so intrinsically convenient that it can remain
competitive with conventional applications while erring far on the
side of security in convenience/security tradeoffs.  But comparably
convenient platforms like Flash or mobile app stores will gain more
users if the web trades away too much convenience by comparison.
Ideally we should try to accommodate all users' security needs without
sacrificing convenience, but in cases where that's not possible,
atypical users will inevitably have to reconfigure their browsers.

Of course, maybe I'm just missing the cases where a reasonably typical
user (not, e.g., the target of malicious governments, or stalkers who
happen to be hackers) would be attacked in a fashion where anyone
would be interested in learning their location once and remembering
it.

> http://www.technologyreview.com/web/26981/page1/ might be worth reading.

Users who use Tor for their web browsing are decidedly atypical, and
can be expected to remain so given the inherent performance penalty it
imposes.
Received on Thursday, 6 January 2011 14:21:47 UTC