- From: Poul-Henning Kamp <phk@phk.freebsd.dk>
- Date: Tue, 06 Mar 2012 09:08:23 +0000
- To: Ian Hickson <ian@hixie.ch>
- cc: URI <uri@w3.org>, HTTP Working Group <ietf-http-wg@w3.org>
In message <Pine.LNX.4.64.1203060115180.6189@ps20323.dreamhostps.com>, Ian Hickson writes:
>On Tue, 6 Mar 2012, Poul-Henning Kamp wrote:
>>
>> The major risk is that people understand neither how little privacy this
>> buys them, nor how trivially easy it is to compromise that privacy
>> accidentally.
>
>It's not intended that users even know this is being used, so it doesn't
>really matter if they don't understand it.

Yes, it does matter, it matters a lot, because secrets are only secret if people know they need to keep them secret.

That said, the people I was talking about here, were the people who would decide to use this scheme because they are unlikely to understand the implications and limitations of this bad idea.

>There's no reason this mechanism couldn't be used with other generic
>integrity checking mechanisms, though.

There is no reason to standardize something which does not do what people would expect it to.

This proposal should be withdrawn with prejudice, it is simply not done to hand people a cryptographic handgrenade of this kind.

--
Poul-Henning Kamp | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG | TCP/IP since RFC 956
FreeBSD committer | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.
Received on Wednesday, 7 March 2012 14:22:32 UTC