Date: 2007-02-24 09:18 am (UTC)
From: [identity profile] ciphergoth.livejournal.com
Thanks - I hadn't heard of this RFC before. It's a bit unfortunate that you can't mandate security in the URL like you can in https, though - that destroys security against an active attacker. Their argument about why it isn't a problem is nonsense - they assume that the URL will arrive over an unauthenticated channel, and there's no reason to assume that.

Googling around, it looks like Eric Rescorla has found other serious problems. Damn, I was optimistic there.

http://mailman.mit.edu/pipermail/saag/2001q4/000256.html
(will be screened)
(will be screened if not validated)
If you don't have an account you can create one now.
HTML doesn't work in the subject.
More info about formatting

If you are unable to use this captcha for any reason, please contact us by email at support@dreamwidth.org

 
Notice: This account is set to log the IP addresses of people who comment anonymously.
Links will be displayed as unclickable URLs to help prevent spam.

Profile

ciphergoth: (Default)
Paul Crowley
My Website

January 2025

S M T W T F S
   1234
5678 91011
12131415161718
19202122232425
262728293031 

Most Popular Tags

Style Credit

Expand Cut Tags

No cut tags
Page generated Dec. 24th, 2025 07:37 pm
Powered by Dreamwidth Studios