[100972] in North American Network Operators' Group
Re: Creating a crystal clear and pure Internet
daemon@ATHENA.MIT.EDU (Valdis.Kletnieks@vt.edu)
Tue Nov 27 18:24:23 2007
To: Florian Weimer <fw@deneb.enyo.de>
Cc: Jared Mauch <jared@puck.nether.net>, Sean Donelan <sean@donelan.com>,
nanog@merit.edu
In-Reply-To: Your message of "Tue, 27 Nov 2007 22:04:23 +0100."
<87ir3nv1rc.fsf@mid.deneb.enyo.de>
From: Valdis.Kletnieks@vt.edu
Date: Tue, 27 Nov 2007 18:23:04 -0500
Errors-To: owner-nanog@merit.edu
--==_Exmh_1196205784_2895P
Content-Type: text/plain; charset=us-ascii
On Tue, 27 Nov 2007 22:04:23 +0100, Florian Weimer said:
> There's also the issue that you can't reliably tell data (which,
> presumably, does not need to be signed) from code.
And "active content" is what happens when you *intentionally* blur the data/
code distinction.
Unfortunately, it's (a) wildly popular with users and (b) usually horribly done
from a security standpoint.
Unfortunately, "Web 2.0" with its "glue stuff together" approach looks like
it's just going to make things even worse, as clueless developers wedge stuff
together with dangerous interactions and synergies....
--==_Exmh_1196205784_2895P
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Exmh version 2.5 07/13/2001
iD8DBQFHTKbYcC3lWbTT17ARAqJjAJ9ZmX7woezhDMiYj7NbYYTB3SXhAACgi9oo
E9O7xTgFNqmfC6FXRJkYeZs=
=7Pq+
-----END PGP SIGNATURE-----
--==_Exmh_1196205784_2895P--