
Friday, December 22, 2006

A mixed bag of comments

A short post of things I found in my Google Reader:


  1. Francesco Sullo 2:20 PM

    Hi Cd-MaN, I respect your opinion about aSSL, but all the Ajax world is based on Javascript. If a user disables Javascript, or if its device doesn’t support Javascript, all Ajax applications are useless. [wink]
    About SSL, you are right, but even SSL was once a new project before it became a standard.
    About being useless, I disagree. [1] aSSL is useful in certain contexts and [2] no new ideas are ever useless.

  2. A possible security concern with aSSL:

    If I understand it correctly, the encryption routines are sent unauthenticated via HTTP GET. Couldn't a MITM modify the JavaScript encryption routines (i.e. weaken them) before they reach the client? Without authentication of the scripts, the security of this scheme appears to be greatly weakened. Is this type of attack accounted for in aSSL?

  3. About aSSL:

    Where is the authentication?
    Who cares if you have bullet proof encryption if all it takes is a simple man in the middle!

    "aSSL is useful in certain contexts and " -> aSSL is useless

    "but all the Ajax world is based on Javascript" -> Sounds like we have another web 2.0 bandwagen wanna be!

    "no new ideas are ever useless." -> Hey I mean I use truecrypt's rot13 module to encrypt all my porn. (N.B. TC does not have rot13)

    "all Ajax applications are useless. " -> I think you need to relise that the word degadeable is more than just a web 2.0 buzz word!