[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: RE: Web-browser Binding Vulnerabilities + "Cures"
> I don't disagree one single bit on that although the work to > do the URL snatcher > is very limited compared to breaking in into a browser > session and stealing > keys. This type of argument has not had validity for many years, because clever people now write tools that any idiot can use. Witness the death of Undernet. > I absolutely think we should proceed with the use cases > which I still lack > any comments on! See posting "Use cases revisited" which > refers to case #1. I went back to that message and this is what it says: > The use-case is simply scalable e-business with a multitude > of partners, where the > relations may be rather short-lived, the interest in > performing mutual configurations minimal, > and even trust be relatively limited. "Normal" business in > my opinion. I am not surprised there are no comments. This is not a use case. What are the parties what is the configuration? What messages need to pass from where to where for what purpose? I suggest you draft some text and preferably a diagram, along the lines of what appears in the S2ML document and send it to the usecase/requirements group. I am also curious about what you mean by challenge/response. Are you refering to a particular protocol or the use of the general technique of challenge/response? Hal
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC