On Jun 19, 2011, at 5:36 05PM, Marsh Ray wrote:
> On 06/18/2011 10:44 PM, Tom Ritter wrote:
>>
>> I got in a discussion recently about this, in the specific case of
>> encrypting something in javascript, and then again in SSL. Trying to
>> avoid the argument over javascript crypto I thought it was absurd that
>> NOT using SSL was a reasonable decision. The response was the 'don't
>> double encrypt' argument, without any real facts to back it up.
>
> Now I've heard everything. Javascript crypto proponents using it as an
> argument against SSL. Tell them that they should use SSL properly and
> consider that an argument against Javascript crypto instead. And hold on to
> your wallet.
They solve different problems, at least if used correctly. SSL secures
the channel; Javascript secures (or can secure) the transmitted object itself.
--Steve Bellovin, https://www.cs.columbia.edu/~smb
_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography
