Feature or Flaw?

Lance James lancej at securescience.net
Tue Jul 5 12:55:24 EDT 2005


Florian Weimer wrote:

>* Lance James:
>
>  
>
>>And as stated above, reverse the effect and it would be the banks in 
>>scenarios such as XSS.
>>    
>>
>
>In case of XSS or CSRF, you have lost anyway.  The web was not
>designed as a presentation service for transaction processing,
>especially if the transactions involve significant value.  If you use
>the web for this purpose, it's always a tradeoff.
>
>Maybe it's time to realize that all these web applications together
>form a huge monoculture, and to move on and diversify again.
>  
>

Thank you - that was my point essentially. SSL is and always will be for 
web a broken concept.

>
>  
>


-- 
Best Regards,
Lance James
Secure Science Corporation
www.securescience.net
Author of 'Phishing Exposed'
http://www.securescience.net/amazon/
Find out how malware is affecting your company: Get a DIA account today!
https://slam.securescience.com/signup.cgi - it's free!


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com



More information about the cryptography mailing list