Re: [Chicken-users] OpenSSL egg option defaults poll

[John Cowan]

Florian Zumbiehl scripsit:

> I am not sure I understand what you mean--you never can protect against a
> client that doesn't want to protect the session, they always could just
> publish the session key, or the decrypted data, or whatever. The protection
> should always focus on third parties that try to undermine the security.

There is a difference between a malicious client designed to harm the user,
and a merely ignorant client that thinks it's doing the Right Thing but isn't.
It's the second kind of client that we need to defend against.

-- 
John Cowan          http://www.ccil.org/~cowan        address@hidden
Today an interactive brochure website, tomorrow a global content
management system that leverages collective synergy to drive "outside of
the box" thinking and formulate key objectives into a win-win game plan
with a quality-driven approach that focuses on empowering key players
to drive-up their core competencies and increase expectations with an
all-around initiative to drive up the bottom-line. --Alex Papadimoulis