On Tue, 01 Dec 2015 00:15:23 +1000, Léonie Watson
wrote:
From: Chaals McCathie Nevile [mailto:cha...@yandex-team.ru]
Sent: 26 November 2015 01:55
it appears that there are some people may not be able to attend a
meeting
on the 29th - although Apple has generously offered to host that day.
Let's keep this discussion civil, please.
The reasons behind blocking of non-secure WebSocket connections from secure
contexts are laid out in the following document:
http://www.w3.org/TR/mixed-content/
A plaintext ws:// connection does not meet the requirements of
authentication, encryption and
On Mon, Nov 30, 2015 at 10:45 PM, Richard Barnes
wrote:
> 1. Authentication: You know that you're talking to who you think you're
> talking to.
>
And then Dell installs a their own root authority on machines they ship, or
your CA of choice gets pwn'ed or the NSA uses some undisclosed backdoor in
On Mon, Nov 30, 2015 at 8:35 PM, Aymeric Vitte
wrote:
> What are you talking about?
>
> The logjam attack just shows that you (spec security experts of major
> internet companies) are incompetent, or just knew about it.
>
> You don't know Tor "plenty well", I am not referring at all to hidden
> s
What are you talking about?
The logjam attack just shows that you (spec security experts of major
internet companies) are incompetent, or just knew about it.
You don't know Tor "plenty well", I am not referring at all to hidden
services, the fb case, or the ridiculous related case of a https cert
How about the many of the Tor endpoints being compromised? Does that
show a complete failure of Tor? I would say no.
http://www.ibtimes.co.uk/tor-anonymity-network-compromised-following-potential-raid-by-law-enforcement-agencies-1480620
Most folks who really care about this stuff use Tor and us
On Mon, Nov 30, 2015 at 5:52 PM, Aymeric Vitte
wrote:
> You must be kidding, the logjam attack showed the complete failure of
> TLS
Sure, protocols have bugs, and bugs get fixed. The things we require for
HTTPS aren't even design goals of Tor.
> and your 1/2/3 (notwithstanding the useless d
You must be kidding, the logjam attack showed the complete failure of
TLS and your 1/2/3 (notwithstanding the useless discussions about CAs &
co), which does not apply to the Tor protocol that you don't know
apparently but that fulfills 1/2/3
I am not a Tor advocate, this is just an example illust
On Mon, Nov 30, 2015 at 4:39 PM, Aymeric Vitte
wrote:
> Not sure that you know what you are talking about here, maybe influenced
> by fb's onion things, or you misunderstood what I wrote.
>
> I am not talking about the Tor network, neither the Hidden services, I
> am talking about the Tor protoco
Not sure that you know what you are talking about here, maybe influenced
by fb's onion things, or you misunderstood what I wrote.
I am not talking about the Tor network, neither the Hidden services, I
am talking about the Tor protocol itself, that's different and it is
known to be strong, but this
“Secure against which threats?” is the question. TLS, with its stronger crypto,
is more secure against an adversary that wants to read the content of your
messages. ToR is more secure against an adversary that wants to detect that you
visit a particular site, are associated with particular socia
I don't think there is universal agreement among browser engineers (if
anyone agrees at all) with your assertion that the Tor protocol or even Tor
hidden services are "more secure than TLS". TLS in modern browsers
requires RSA 2048-bit or equivalent authentication, 128-bit symmetric key
confidenti
Redirecting this to WebApps since it's probable that we are facing a
design mistake that might amplify by deprecating non TLS connections. I
have submitted the case to all possible lists in the past, never got a
clear answer and was each time redirected to another list (ccing
webappsec but as a who
> From: Chaals McCathie Nevile [mailto:cha...@yandex-team.ru]
> Sent: 26 November 2015 01:55
> it appears that there are some people may not be able to attend a meeting
> on the 29th - although Apple has generously offered to host that day.
>
> Is there anyone who would only be able to attend if w
On 11/30/2015 02:31 PM, Xiaoqian Wu wrote:
> This is a call for comments regarding the next step of Web Workers.
>
> The latest [TEST RESULTS] of Web Workers indicate that Dedicated
> Workers have been widely implemented by the major browser vendors.
>
> [Diff] between the latest W3C WD and the W
> On 30 Nov 2015, at 10:02 PM, Boris Zbarsky wrote:
>
> On 11/30/15 8:31 AM, Xiaoqian Wu wrote:
>> The latest [TEST RESULTS] of Web Workers indicate that Dedicated Workers
>> have been widely implemented by the major browser vendors.
>
> Compatibly? Last I checked, for example, Blink doesn't
On 11/30/15 8:31 AM, Xiaoqian Wu wrote:
The latest [TEST RESULTS] of Web Workers indicate that Dedicated Workers have
been widely implemented by the major browser vendors.
Compatibly? Last I checked, for example, Blink doesn't support
Dedicated Workers inside workers, only inside Window. I
This is a call for comments regarding the next step of Web Workers.
The latest [TEST RESULTS] of Web Workers indicate that Dedicated Workers have
been widely implemented by the major browser vendors.
[Diff] between the latest W3C WD and the WHATWG living standard suggests
substantial changes ab
18 matches
Mail list logo
