
List:       kde-devel
Subject:    Re: ssl auth failure gui: does "continue" do what I think it does?
From:       Michael Pyne <mpyne () purinchu ! net>
Date:       2009-06-05 22:57:32
Message-ID: 200906051857.32967.mpyne () purinchu ! net

On Friday 05 June 2009 18:36:50 Jeff Mitchell wrote:
> Nicholas Tung wrote:
> > Exactly, you get encryption without authentication, which is useless for
> > security unless you've accepted it before via a secure connection to the
> > machine. In which case, see comment below...
>
> No, it's useless for authentication.  It's entirely useful for
> encryption, if that is all that you require for your security needs.

In all fairness, typically encryption is used to prevent people from snooping 
in on the conversation between you and the destination.  But without 
authentication, there's no way for you to know that the destination is not 
itself an adversary.  So it's a layer of protection against those who can't 
mount a man-in-the-middle attack but that's probably trivially scriptable at 
this point so it's not even much of a good layer.

I'm not sure the Firefox full-blown deathmarch is the way to go but we could 
probably use some improvement here (as you've already mentioned yourself, in 
the example of the confirmation dialog).

Regards,
 - Michael Pyne
