security
Alaric Dailey
alaricdailey at hotmail.com
Mon Oct 23 14:37:40 UTC 2006
Only as long as we ignore browser bugs (that allow you to embed nulls and
display something else in the address bar) and DNS poisoning.
-----Original Message-----
From: general-bounces at openid.net [mailto:general-bounces at openid.net] On
Behalf Of James A. Donald
Sent: Monday, October 23, 2006 6:38 AM
To: Dick Hardt
Cc: general
Subject: Re: security
Dick Hardt wrote:
> > > This is like saying that all websites should use > > > SSL and we
should stop allowing HTTP because it is > > > insecure. Where would the web
be if all sites had > > > to run SSL to start off with?
James A. Donald:
> > Well for one thing we would not now have a massive > > phishing
crisis.
Dick Hardt
> Uh, pretty much all sites targeted by phishing are > running SSL.
The phishing sites are seldom running SSL. If all sites
*had* to run SSL, this would make phishing substantially more difficult.
More information about the general
mailing list