Re: Verizon Wireless ISP-injected tracking info used to reconstruct deleted cookies

On 1/16/2015 2:54 AM, Chris Palmer wrote:
> Surely, you weren't hoping to use evidence of application-layer
> attacks as a reason to not adopt effective application-layer security
> techniques.

No, but I think the TAG can play a useful role in documenting which of the 
problems we see "in the wild" the move to HTTPS will "solve", which it 
won't etc. Not everything we do as a community or that the TAG does can be 
100% effective, but IMO a key role of the TAG is to document tradeoffs, and 
to explain both the strengths and weaknesses of any proposed architectural 
change. In this case, many readers of TAG Findings will be less informed 
than the TAG. I think it will be helpful to clearly say: "This is what we 
can reasonably expect the move to do for HTTPS to do for you; these are 
some of the problems you might naively expect it to solve that it might not."


Received on Friday, 16 January 2015 17:11:18 UTC