Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: HTTP AUTH BASIC monowall.

From: Jeremy Bishop <requiem () praetor org>
Date: Mon, 13 Mar 2006 15:39:57 -0800
On Monday 13 March 2006 15:17, Lyal Collins wrote:

Yup, that's right: All PKI authentication is only as good as the
passwords protecting private keys where such passwords exist, and the
complementary endpoint security controls.


<snip>

I thought you might be meaning something like that.  I would say that 
these problems are out of scope for a discussion of secure 
communication protocols.  E.g. Alice is considered synonymous with her 
computer.  Once you open up the possibility that Alice (or Bob) have 
been hacked, there's no real point to discussing how to secure her 
communications.  But in a more pedantic sense, yes, you are correct.

Jeremy

-- 
Fix reason firmly in her seat, and call to her tribunal every fact,
every opinion. Question with boldness even the existence of a god;
because, if there be one, he must approve the homage of reason rather
than of blind-folded fear.
                     -- Thomas Jefferson, 1787

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: