Re: Bug#2655: ld.so includes header file, clashes with old libc
Ian Jackson writes:
> No, there are no plans to do that. The WWW is too insecure -
> there's hardly any audit trail for WWW form transactions.
>
> The WWW pages do have links to pages describing what emails to send.
Except for the ease of use issues, I find it hard to imagine how email
can be more secure than www pages.
Essentially, you have a minor bit of security in that you know the ip
address of the machine that's talking to you. Any security above that
must be built into the content of the message, and its correlation
with other messages.
The headers on an smtp message may give some kind of illusion of
security (since they typically involve multiple hops across various
machines, and since they've converged a fair bit across a variety of
email packages) but they really aren't any more trustworthy than the
headers on an http message.
Also, there's less email traffic than www traffic, so I suppose
there's some minor sort of security gained by staying off the beaten
path. This shouldn't be thought of as real security, however. In
particular, making a system harder to use to maintain such security is
at best a waste of time.
----------------------------------------------------------------------
Or, perhaps you're objecting to the lack of continuity across a
sequence of WWW form transactions? If so, you know very well that you
can embed high cardinality values into a form to tie it to previous
forms. [Wasn't it you that set up 12.html?]
--
Raul
Reply to: