On 30/11/2009 20:46, Kyle Hamilton wrote:
interesting description folded.
> Apache's willingness to do per-Location/per-Directory/per-Whatever
> renegotiation for client authentication is what forced us into this
> situation in the first place. I believe it should be considered a
> bug, and fixed on Apache's side. Unfortunately, few others agree.
I agree. It breaches that fundamental law of the Iang's mind-space:
there is only one mode, and it is secure. Break the law, time folds and
inverts on itself, and Mallory slips between your bytes.

Old military trick: attack between.

Ok, maybe not that dramatic, nobody got breached and nobody died, but it
does seem illogical to add options to such a foolish extent. Adding
options without a clear demand & use-case is just asking for trouble.
Shamefully, there's a lot of it going on in the protocol committees.
One wonders whether there is a correlation between the number of options
and the number of jobs...

iang
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto