Florian Weimer wrote:

* Lance James:

And as stated above, reverse the effect and it would be the banks in scenarios such as XSS.

In case of XSS or CSRF, you have lost anyway.  The web was not
designed as a presentation service for transaction processing,
especially if the transactions involve significant value.  If you use
the web for this purpose, it's always a tradeoff.

Maybe it's time to realize that all these web applications together
form a huge monoculture, and to move on and diversify again.

Thank you - that was my point essentially. SSL is and always will be for web a broken concept.

Best Regards,
Lance James
Secure Science Corporation
Author of 'Phishing Exposed'
Find out how malware is affecting your company: Get a DIA account today!
https://slam.securescience.com/signup.cgi - it's free!

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to