by icebraining
3375 days ago
Frankly, regarding MITM, that paper is just nonsense. How can it "ensure contents of a message are secure on the 'wire', by encrypting with a secondary scheme between the JavaScript client and the server", when you can't even guarantee that the signing and encryption code isn't tampered with in-flight? And you can't guarantee that you can notify either, and for the same reason. The code that leaves your server won't be the code that actually runs on the client - it'll be a mutated version that will say "everything is OK" and acts normally to your server while it sends all the data somewhere else. Nothing has changed since [1] was written; I don't see how that is anything but DRM promising more than it can deliver.

[1] https://www.nccgroup.trust/us/about-us/newsroom-and-events/b...