security

James A. Donald jamesd at echeque.com
Wed Oct 25 09:40:26 UTC 2006


     --
Dan Lyke wrote:
 > That leads to two questions:
 >
 > 1. What exploits do you think this enables?

Rather, let us ask what the cost of fixing it is.

It is usually easier to close a hole than to figure out
what could get through the hole, and there are a great
many cases where a hole was considered unimportant after
lengthy review by a panel of experts, and turned out to
be disastrous.

You have drawn my attention to the unacceptably high
cost of asking the guy whose identity is
http://www.myvanityname.com/me.htm to use
https://www.myvanityname.com/me.htm

So on reflection, we do have to support multiple levels
of security - but this creates problems, which must be
solved.

It is intolerable if this endangers the guy whose
identity is
https://www.bankamerica.com/finance/transactions/vp.htm

     --digsig
          James A. Donald
      6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
      fe0X5R8RgZOtgKuA7Mhq5swjrzHhPwKq6LLfCowL
      4WKi8+zcSdUowV51dvWhoZwwjHsEeq1uJXpW1nKoi



