- From: Stuart E. Schechter <ses@ll.mit.edu>
- Date: Tue, 09 Jan 2007 11:43:37 -0500
- To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
- CC: W3 Work Group <public-wsc-wg@w3.org>
> Stuart E. Schechter wrote: [Phillip Hallam-Baker wrote] >>>> I have no problem turning on SSL any time at all provided that the user is >>>> not given a false sense of security. Don't show the padlock, maybe warn if >>>> the user actually typed in https://. I agree with Phillip here. I don't see how SSL alone can cause harm if the user doesn't know it was used. If the user requests security (by typing in HTTPS), that's where we could run into trouble. >>> From: Stephen Farrell <stephen.farrell@cs.tcd.ie> >>> In this use case, the content is both encrypted and, "secure," >>> for many reasonable definitions of secure. When you say that the definitions of secure are reasonable, I think it's perfectly reasonable to expect that you will be asked what these definitions are. >> What is the threat model under which you would say this meets a definition >> of secure? > > There are a bunch of reasonable threat models, as I said above. I'm > sure you can think of one, but for the purposes of this discussion, > it doesn't matter in this case which one you pick. I can imagine only one---a passive eavesdropper with no MITM capability. I believe that a great deal of damage has been caused by definitions of "secure" that envision passive adversaries but not active ones. Others are free to their own opinions about when and where this definition of secure may be reasonable. If you have other definitions, it would be enlightening to know what they are. Cheers Stuart
Received on Tuesday, 9 January 2007 16:46:12 UTC