[whatwg] meta="encrypt" tag is needed
mjs at apple.com
Sat May 8 02:31:03 PDT 2010
On May 7, 2010, at 1:40 PM, Aryeh Gregor wrote:
> In fact, do you know of *any* examples of MITM attacks being
> successfully used against a public website? It's not that I doubt
> that it's happened, but I don't actually know of any specific cases.
> In principle, you should be able to harvest lots of passwords by
> dropping some free wireless routers in strategic locations.
> (There's still an entirely different fatal problem with what you
> quoted, though: if you aren't worried about MITM, then encryption is
> pointless to begin with. I don't dispute your conclusion. :) )
"Pharming" is effectively a man-in-the-middle, and in particular would
be 100% effective at defeating the proposed security feature. It is
extremely common, to the point that it is considered one of the major
security risks on the Web.
More information about the whatwg