[Cryptography] practical verifiable systems -- forensic and otherwise, cheap and otherwise

Bill Frantz frantz at pwpconsult.com
Thu Mar 5 13:21:07 EST 2015

On 3/5/15 at 6:35 AM, leichter at lrw.com (Jerry Leichter) wrote:

>Side note:  You might think, hey, maybe there's a market here 
>for a browser designed for industrial, not consumer, 
>applications.  Support just the bare minimum needed; throw out 
>all the cruft needed for consumer movie sites and such.  
>Unfortunately, there's no hope in that direction:  While the 
>Intel examples in that presentation show pretty basic Web 
>pages, the management pages presented by many other devices are 
>full of the latest fancy gimmicks.

If you're into tilting at windmills: I have run my browser with 
Flash turned off for years. I read the rate of serious security 
bugs in Flash, and it is worse than IE in a bad month. The 
result is that until YouTube went to HTML5, I couldn't see any of 
the videos people linked in their emails. Oh well. I don't 
generally go to movies either. YMMV

I could see an organization being hard-nosed about the 
situation. Put up a browser which only supports a limited suite 
of protocols, based on a security analysis. Use it on the 
internal network, with no access to an external network (via 
firewall perhaps) so your operators can't upgrade it to run 
things like Flash. (And fire them if they try.) (If they want to 
watch movies, let them use their phones.) Specify in your RFPs 
for equipment that the management interfaces for that equipment 
must run with a browser that only supports the listed protocols. 
Even a failed attempt, if well publicized, might push the 
industry in the right direction.

Cheers - Bill

Bill Frantz        | "The only thing we have to   | Periwinkle
(408)356-8506      | fear is fear itself." - FDR  | 16345 Englewood Ave
www.pwpconsult.com | Inaugural address, 3/4/1933  | Los Gatos, CA 95032
