On Mon, Mar 5, 2012 at 6:45 PM, Christopher Howard
<christopher.howard@frigidcode.com> wrote:
> That argument can go around and around, but keep coming back to the
> original requirements. =A0Then, we see that answer to your question is
> irrelevant, because the absolute requirement was bypassed so badly
> that the model was broken. =A0We're not using the SSL security model,
> and haven't been since 1995. =A0So you can do whatever you like, or more
> practically, whatever you feel you can get away with (think about the
> dozens of connections that modern portals fire up, and outsourced
> payment processors and google tools and ...).
We're not using the model at all? This sounds a little FUDdy to me. I
see more and more web sites using the correct model, as I understand
it, where the entire session is encrypted; Facebook, Gmail, Twitter,
etc. Definitely trending in the right direction.
jermudgeon
---------
To unsubscribe, send email to <aklug-request@aklug.org>
with 'unsubscribe' in the message body.
Received on Mon Mar 5 21:06:50 2012
This archive was generated by hypermail 2.1.8 : Mon Mar 05 2012 - 21:06:50 AKST