On Tue, Oct 11, 2016 at 10:54:52PM -0400, Viktor Dukhovni wrote: > > What's odd is not that SMTP and XMPP are immune, but rather > the astonishing subtlety of the Web security model, which > makes web applications vulnerable.
It is combination of HTTP servers being pretty widely misconfig'd in a manner that results in bogus responses to requests (pretty much nobody has similarly misconfig'd SMTP server (as it would be a major problem in other ways), and AFAICT XMPP servers can't even configured that way), combined with the very brittle nature of the same-origin policy. -Ilari _______________________________________________ dane mailing list [email protected] https://www.ietf.org/mailman/listinfo/dane
