[whatwg] meta="encrypt" tag is needed

Maciej Stachowiak mjs at apple.com
Sat May 8 02:31:03 PDT 2010


On May 7, 2010, at 1:40 PM, Aryeh Gregor wrote:

>
> In fact, do you know of *any* examples of MITM attacks being
> successfully used against a public website?  It's not that I doubt
> that it's happened, but I don't actually know of any specific cases.
> In principle, you should be able to harvest lots of passwords by
> dropping some free wireless routers in strategic locations.
>
> (There's still an entirely different fatal problem with what you
> quoted, though: if you aren't worried about MITM, then encryption is
> pointless to begin with.  I don't dispute your conclusion.  :) )

"Pharming" is effectively a man-in-the-middle, and in particular would  
be 100% effective at defeating the proposed security feature. It is  
extremely common, to the point that it is considered one of the major  
security risks on the Web.

http://en.wikipedia.org/wiki/Pharming

Regards,
Maciej




More information about the whatwg mailing list