Hi,
John C Klensin <john-ietf@xxxxxxx> wrote:
> a tool that widens the attack surface for IETF
> participants should require a summary of what is being exposed and
> how and what alternatives might exist.
> participants should require a summary of what is being exposed and
> how and what alternatives might exist.
I don't know how serious this problem is. I've worked on HTML, _javascript_, CSS, and HTTP. I use a hardware security key, although I wish I didn't need to (note to hackers: I no longer have access to anything interesting!).
What I do if there's some crappy tool I don't like is run Incognito Chrome or Brave in an ARM64 Ubuntu VM. That runs just fine on an M1 Macbook Air that retails for $600 at Walmart these days. That price is not that low, but it is much cheaper than 5 days in Vienna or Madrid or San Francisco for an IETF meeting.
The cost to make all of these things work without JS is vast. It is a difficult problem to begin with, and you are really swimming upstream...
thanks,
Rob
