[531] in cryptography@c2.net mail archive
Re: SSL weakness affecting links from pa
daemon@ATHENA.MIT.EDU (Perry E. Metzger)
Mon Apr 14 12:43:10 1997
To: Tom Weinstein <tomw@netscape.com>
cc: "cryptography@c2.net" <cryptography@c2.net>
In-reply-to: Your message of "Sun, 13 Apr 1997 22:12:50 PDT."
<3351BCD2.218886E6@netscape.com>
Reply-To: perry@piermont.com
Date: Mon, 14 Apr 1997 12:17:31 -0400
From: "Perry E. Metzger" <perry@piermont.com>
Tom Weinstein writes:
> > It does indicate what to look into to avoid it when writing web pages,
> > but it doesn't say how to avoid it when entering your credit card
> > number into a web page, or what to look for as a non-programmer user.
>
> I basically agree with Microsoft. It works as specified, and everyone
> should know that handling sensitive form posts via GET is a bad idea.
Are you seriously suggesting that users should be responsible for
looking at the HTML source of every web page they send credit card
data from?
I do not think this is a reasonable position.
Perry
