> On Oct 9, 2019, at 4:19 PM, Peter Gutmann wrote:
>
> Paul Walsh via dev-security-policy
> writes:
>
>> The data suggests that automatically issued DV certs for free is a favorite
>> for criminals.
>
> True, but that one's just an instance of Sutton's Law, they go for those
> because they'r
Paul Walsh via dev-security-policy
writes:
>The data suggests that automatically issued DV certs for free is a favorite
>for criminals.
True, but that one's just an instance of Sutton's Law, they go for those
because they're the least effort. I was at a talk yesterday by a pen-tester
who talke
On 10/3/2019 8:44 PM, Matt Palmer via dev-security-policy wrote:
On Thu, Oct 03, 2019 at 05:36:50PM -0700, Ronald Crane via dev-security-policy
wrote:
On 10/3/2019 2:09 PM, Ryan Sleevi via dev-security-policy wrote:
[snip]
I guess I wasn't specific enough. I am looking for a good study that
s
On Thu, Oct 03, 2019 at 05:36:50PM -0700, Ronald Crane via dev-security-policy
wrote:
>
> On 10/3/2019 2:09 PM, Ryan Sleevi via dev-security-policy wrote:
> > [snip]
> > > I guess I wasn't specific enough. I am looking for a good study that
> > > supports the proposition that the Internet communi
On 10/3/2019 2:09 PM, Ryan Sleevi via dev-security-policy wrote:
[snip]
I guess I wasn't specific enough. I am looking for a good study that
supports the proposition that the Internet community has (1) made a
concerted effort to ensure that there is only one authentic domain per
entity (or, at
On Thu, Oct 3, 2019 at 3:45 PM Ronald Crane via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> On 10/2/2019 9:44 PM, Peter Gutmann via dev-security-policy wrote:
> > Ronald Crane via dev-security-policy <
> dev-security-policy@lists.mozilla.org> writes:
> >
> >> Please cite
On 10/2/2019 9:44 PM, Peter Gutmann via dev-security-policy wrote:
Ronald Crane via dev-security-policy
writes:
Please cite the best study you know about on this topic (BTW, I am *not* snidely
implying that there isn't one).
Sure, gimme a day or two since I'm away at the moment.
Alternative
Ronald Crane via dev-security-policy
writes:
>Please cite the best study you know about on this topic (BTW, I am *not*
>snidely
>implying that there isn't one).
Sure, gimme a day or two since I'm away at the moment.
Alternatively, there's been such a vast amount of work done on this that a f
On 10/2/2019 3:27 PM, Peter Gutmann wrote:
Ronald Crane via dev-security-policy
writes:
"Virtually impossible"? "Anyone"? Really? Those are big claims that need real
data.
How many references to research papers would you like? Would a dozen do, or
do you want two dozen?
One well-done paper
Paul Walsh writes:
>I would like to see one research paper published by one browser vendor to
>show that website identity visual indicators can not work.
Uhhh... are you serious with that request? You're asking for a study from a
browser vendor, a group who in any case don't publish research p
> On Oct 2, 2019, at 3:27 PM, Peter Gutmann via dev-security-policy
> wrote:
>
> Ronald Crane via dev-security-policy
> writes:
>
>> "Virtually impossible"? "Anyone"? Really? Those are big claims that need real
>> data.
>
> How many references to research papers would you like? Would a doz
Ronald Crane via dev-security-policy
writes:
>"Virtually impossible"? "Anyone"? Really? Those are big claims that need real
>data.
How many references to research papers would you like? Would a dozen do, or
do you want two dozen?
(This has been researched to death, it's not rocket science, gi
12 matches
Mail list logo