[17640] in cryptography@c2.net mail archive
Re: Feature or Flaw?
daemon@ATHENA.MIT.EDU (Lance James)
Fri Jul 8 15:27:00 2005
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
Date: Tue, 05 Jul 2005 09:55:24 -0700
From: Lance James <lancej@securescience.net>
To: Florian Weimer <fw@deneb.enyo.de>
Cc: cryptography@metzdowd.com
In-Reply-To: <87r7edrygh.fsf@deneb.enyo.de>
Florian Weimer wrote:
>* Lance James:
>
>
>
>>And as stated above, reverse the effect and it would be the banks in
>>scenarios such as XSS.
>>
>>
>
>In case of XSS or CSRF, you have lost anyway. The web was not
>designed as a presentation service for transaction processing,
>especially if the transactions involve significant value. If you use
>the web for this purpose, it's always a tradeoff.
>
>Maybe it's time to realize that all these web applications together
>form a huge monoculture, and to move on and diversify again.
>
>
Thank you - that was my point essentially. SSL is and always will be for
web a broken concept.
>
>
>
--
Best Regards,
Lance James
Secure Science Corporation
www.securescience.net
Author of 'Phishing Exposed'
http://www.securescience.net/amazon/
Find out how malware is affecting your company: Get a DIA account today!
https://slam.securescience.com/signup.cgi - it's free!
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
