[cap-talk] Webkeys vs. the web
ihab.awad at gmail.com
ihab.awad at gmail.com
Wed Apr 1 18:22:22 EDT 2009
On Wed, Apr 1, 2009 at 3:14 PM, Raoul Duke <raould at gmail.com> wrote:
> if that is the case, it doesn't seem strong enough to me, because it
> seems like the danger is arbitrarily great. packet sniffers can get
> those plain text caps no problem, no?
>
The position I'm arguing for [which is probably my position also, but I'm
not sure ... ;) ] would be that these are protected by using HTTPS.
And more broadly: the problem is not protecting users from the *ability* to
share. It is protecting them from the risk of *inadvertently* sharing
something the implications of which are not intuitive for them.
If web apps invent some new contraption, like a rectangular box containing a
spinning diamond or whatever, that represents "a valuable webkey", and if we
educate users about what that means, then at that point we have empowered
*and* informed them and -- by our favorite model at any rate -- all is well.
Ihab
--
Ihab A.B. Awad, Palo Alto, CA
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.eros-os.org/pipermail/cap-talk/attachments/20090401/3ff9f61b/attachment.html
More information about the cap-talk
mailing list