[cryptography] SSL is not "broken by design"
nico at cryptonector.com
Mon Sep 19 23:01:15 EDT 2011
On Mon, Sep 19, 2011 at 9:20 PM, Ben Laurie <ben at links.org> wrote:
> On Tue, Sep 20, 2011 at 12:42 AM, James A. Donald <jamesd at echeque.com>
>> The user expects a login screen. Login screens are *not* traditionally
>> full screen, even on cell phones. Therefore, if we take login out of the
>> web page, if the user ceases to expect or perceive login as happening out
>> there on the web, but instead perceives it as happening locally, the user
>> will not expect a full screen login page.
> That is not the issue. The issue is that if an app can be full screen it can
> fake whatever a login window looks like.
Well, not if it doesn't know what screen to fake (that was James' point).
More information about the cryptography