> I agree that deploying token-based security mechanisms may take time in many > countries; so interim security mechanisms are desirable.
True but SSL should be secure too. Not just SSL from banks. I don't know the details of J-Pake etc., but if it could verify a fingerprint to a domain the user has chosen to communicate with (even better without a CA - self signed) then that may be a real step forward as DNSSEC isn't even close to being as secure or as reliable as it should or would need to be. -- _______________________________________________________________________ 'Write programs that do one thing and do it well. Write programs to work together. Write programs to handle text streams, because that is a universal interface' (Doug McIlroy) _______________________________________________________________________ _______________________________________________ dev-security mailing list dev-security@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security