There are SO MANY flaws in the message to which I'm replying that I scarcely know where to begin. In this message, I'm just going to address just one, one that contains a false accusation.
Nelson, you said:
"If someone could show you a massive on-going MITM attack on http and https, affecting thousands of users, how would that influence your position? Please do answer that."
So I did. Now, I wrote that in a hurry, so you are totally correct to pick up the exagerations in the claim of where the numbers came from. When you said "affecting thousands of users" I took that as the starting point, so *all* the numbers did not come from you.
Apologies for that loose attribution.
> None of the numbers in the text quoted above came from me. > I doubt most of them are even approximately correct.
You picked an illustrative number "thousands", and I agree your number wasn't correct - if it was, please give us a source. Your lead appears hypothetical, and I followed.
Labelling these minor quibbles as "false accusations" might make someone else think that you are not being serious, and trying to avoid the real substance of the debate. As you asked a serious question, please respond to that which you asked for, and let me know of the "SO MANY flaws" there.
iang
PS: for an additional example on how to construct a risk- benefit analysis as one input into a security model, see this link:
http://www.schneier.com/crypto-gram-0404.html#4
By Bruce Schneier and Paul Kocher. _______________________________________________ mozilla-crypto mailing list [EMAIL PROTECTED] http://mail.mozilla.org/listinfo/mozilla-crypto
