[13842] in cryptography@c2.net mail archive
Re: [Fwd: BugTraq - how to coverup the security]
daemon@ATHENA.MIT.EDU (Sean Smith)
Mon Jul 14 21:09:28 2003
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
To: iang@systemics.com
Cc: cryptography@metzdowd.com
In-Reply-To: Your message of "Mon, 14 Jul 2003 20:29:07 EDT."
<3F134AD2.137A67EA@systemics.com>
From: Sean Smith <sws@cs.dartmouth.edu>
Reply-To: Sean Smith <sws@cs.dartmouth.edu>
Date: Mon, 14 Jul 2003 20:51:11 -0400
Does this really surprise anyone?
When I had some students try this out (providing content
that browsers render in a way that makes it look like security
info from the browser) a few years ago, there was just no end
to the tricks one could play...
If you don't design a trusted path into the system, why should
you expect there to be one?
--Sean
Sean W. Smith, Ph.D. sws@cs.dartmouth.edu
http://www.cs.dartmouth.edu/~sws/ (has ssl link to pgp key)
Department of Computer Science, Dartmouth College, Hanover NH USA
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
