Bjoern, please don't take my reassertion of the problem I wanted to talk about as an indication that I consider the problem you want to talk about unimportant. I agree that online ads present an attack surface, and that we should think about that. I'm quite aware that my computer is running programs at the behest of ad networks (well, actually it's not, because I don't allow Flash in my web browser, but I certainly agree with you in principle).
The point of what I said previously was to talk about another attack surface with different characteristics. The problem you are describing is one that's already on the radar of most of us tin-foil-hat wearers. I just wanted to get an additional problem which is similar but really meaningfully different on the radar as well. What's interesting about the http-with-identifying-info attack is that it can be easily prevented by not including identifying info or by using https. Unfortunately the targeted-ad attack can't be addressed in this way, but that doesn't mean that the http-with-identifying-info attack isn't worth addressing. _______________________________________________ perpass mailing list [email protected] https://www.ietf.org/mailman/listinfo/perpass
