[cryptography] SSL is not "broken by design"

James A. Donald jamesd at echeque.com
Sat Sep 24 20:09:48 EDT 2011


On 2011-09-25 4:30 AM, Ben Laurie wrote:
> I'm just saying I think its hard to detect when a password is being
> asked for as part of the risk assessment.

http and https do not know there are such things as logons.  Logons need 
to be built into the protocol, rather than added on top.  Your browser 
should know you are logged on.



More information about the cryptography mailing list