[cryptography] How to safely produce web pages from multiple sources?

Florian Weimer fw at deneb.enyo.de
Thu Aug 30 15:03:18 EDT 2012


* James A. Donald:

> How does Bob make sure his web page cannot have its secrets leaked,
> nor can the content that Bob intends to control be controlled by
> Malloc, so that Malloc cannot man-in-the-middle, cannot spy on, nor
> change, the conversation between Bob and Carol, cannot lead Carol to
> think Bob said something different from that which he intended to say,
> nor lead Bob to think that Carol clicked on something other than that
> which she clicked on?

Serve the content from a different domain, possibly using an IFRAME.
The browser security model is supposed to make this safe.

This does not prevent semantic attacks, when users get confused about
which web site they are actually using.



More information about the cryptography mailing list