Comments on: A mixed bag of comments

By: Anonymous

Anonymous — Sat, 23 Dec 2006 20:48:15 +0000

A possible security concern with aSSL:

If I understand it correctly, the encryption routines are sent unauthenticated via http get. Couldnt a MITM modify the javascript encryption routines (ie weaken them) before they reach the client? Without authentication of the scripts, the security of this scheme appears to be greatly weakened. Is this type of attack accounted for in aSSL?

By: Anonymous

Anonymous — Sat, 23 Dec 2006 20:48:09 +0000

About aSSL:

Where is the authentication?
Who cares if you have bullet proof encryption if all it takes is a simple man in the middle!

"aSSL is useful in certain contexts and " -> aSSL is useless

"but all the Ajax world is based on Javascript" -> Sounds like we have another web 2.0 bandwagen wanna be!

"no new ideas are ever useless." -> Hey I mean I use truecrypt's rot13 module to encrypt all my porn. (N.B. TC does not have rot13)

"all Ajax applications are useless. " -> I think you need to relise that the word degadeable is more than just a web 2.0 buzz word!

By: Anonymous

Anonymous — Fri, 22 Dec 2006 21:26:47 +0000

Hi Cd-MaN, I respect your opinion about aSSL, but all the Ajax world is based on Javascript. If a user disables Javascript, or if its device doesn’t support Javascript, all Ajax applications are useless. [wink]
About SSL, you are right, but even SSL was once a new project before it became a standard.
About being useless, I disagree. [1] aSSL is useful in certain contexts and [2] no new ideas are ever useless.