Feature or Flaw?
Lance James
lancej at securescience.net
Tue Jul 5 12:55:24 EDT 2005
Florian Weimer wrote:
>* Lance James:
>
>
>
>>And as stated above, reverse the effect and it would be the banks in
>>scenarios such as XSS.
>>
>>
>
>In case of XSS or CSRF, you have lost anyway. The web was not
>designed as a presentation service for transaction processing,
>especially if the transactions involve significant value. If you use
>the web for this purpose, it's always a tradeoff.
>
>Maybe it's time to realize that all these web applications together
>form a huge monoculture, and to move on and diversify again.
>
>
Thank you - that was my point essentially. SSL is and always will be for
web a broken concept.
>
>
>
--
Best Regards,
Lance James
Secure Science Corporation
www.securescience.net
Author of 'Phishing Exposed'
http://www.securescience.net/amazon/
Find out how malware is affecting your company: Get a DIA account today!
https://slam.securescience.com/signup.cgi - it's free!
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list