TLS break

Chimpy McSimian IV, Esq. mr.monkey at
Tue Nov 10 19:43:55 EST 2009

On Mon, Nov 9, 2009 at 5:08 PM, Victor Duchovni
<Victor.Duchovni at> wrote:

> attack, checking "Referrer" headers is no longer effective, so anti-CSRF
> defenses have to be more sophisticated (they *should* of course be more

Checking the Referer header never was effective. It's not even
guaranteed to be present, let alone true.

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list