[17639] in cryptography@c2.net mail archive
Re: Feature or Flaw?
daemon@ATHENA.MIT.EDU (Florian Weimer)
Fri Jul 8 15:26:59 2005
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
From: Florian Weimer <fw@deneb.enyo.de>
To: Lance James <lancej@securescience.net>
Cc: cryptography@metzdowd.com
Date: Tue, 05 Jul 2005 18:48:14 +0200
In-Reply-To: <42CAAAB7.5070102@securescience.net> (Lance James's message of
"Tue, 05 Jul 2005 08:43:51 -0700")
* Lance James:
> And as stated above, reverse the effect and it would be the banks in
> scenarios such as XSS.
In case of XSS or CSRF, you have lost anyway. The web was not
designed as a presentation service for transaction processing,
especially if the transactions involve significant value. If you use
the web for this purpose, it's always a tradeoff.
Maybe it's time to realize that all these web applications together
form a huge monoculture, and to move on and diversify again.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
