[What a circus. In the background.]
ENISA recently announced it wants an upgrade of the ‘reliability’ of web seals.
Nice. BUT anything out there will be:
- Copied and replayed at third-party sites, differences being unobservable to the average hooman;
- Placed without being warranted for the info presented, at or after some point in time. The ‘certification’ is there, so why bother keeping up with ever-spiraling security requirements;
- Valid for some time only, with all sorts of re’certification’ / failed update issues.
All the ENISA talk about automated checking, etc., would be very welcome, but no-one would want the accountability when (not if!) the automated checks are subverted, i.e., fail to check at the semantic level as well as all the way down. The ‘net just cannot be trusted per se...!
The principles are nice, and kudos to ENISA for calling out the need for improvement. But the principles will suffer badly when implementation time comes around, and in BAU (business as usual) – between dream and action, there are laws and practical objections.
So let’s (have someones) pursue this. It’ll take time, and we’ll have to learn from mistakes… but still.