[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: Re: Web-browser Binding Vulnerabilities + "Cures"
Hal, > If an attacker can run a priviledged program on a client system, there is NO > security mechanism that can protect him or her from stealing all user data, > keys, session tokens, etc. I don't see any reason to spend time on threats > of this type. Not because they are not real, but because nothing in the > protocol can protect against them. You must assume some sort of TCB to make > any progress. I don't disagree one single bit on that although the work to do the URL snatcher is very limited compared to breaking in into a browser session and stealing keys. I absolutely think we should proceed with the use cases which I still lack any comments on! See posting "Use cases revisited" which refers to case #1. Anders
Powered by eList eXpress LLC