[dix] Re: [Ietf-http-auth] New draft on anti-phishing requirements

To: "Nicolas Williams" <Nicolas.Williams at sun.com>
Subject: [dix] Re: [Ietf-http-auth] New draft on anti-phishing requirements
From: "Robert Sayre" <sayrer at gmail.com>
Date: Mon, 22 May 2006 14:45:45 -0400
Cc: dix at ietf.org, ietf-http-auth at lists.osafoundation.org, Sam Hartman <hartmans-ietf at mit.edu>
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=nfHusgvJhFRcKFy2/1QKiUXitsVOVVbC84mV0mAEXehOP0e1j/eNtLix3AuOarKJsBOrZWlRxUDRis1bwBRPUIs6u93qTxqajg0elpgoBMjgOan7n3V0iQH6GklEENVnX8BzNM1Kv1vAkkWGU3bD7cPs6qh55D/Xv4QZ8vDPbQ0=
In-reply-to: <20060522161831.GL16695@binky.Central.Sun.COM>
List-archive: <http://www1.ietf.org/pipermail/dix>
List-help: <mailto:dix-request@ietf.org?subject=help>
List-id: Digital Identity Exchange <dix.ietf.org>
List-post: <mailto:dix@ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/dix>, <mailto:dix-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/dix>, <mailto:dix-request@ietf.org?subject=unsubscribe>
References: <tslr72mp213.fsf@cz.mit.edu> <868xou831c.fsf@raman.networkresonance.com> <68fba5c50605220914p4311cd58wd256d7332dcc59e0@mail.gmail.com> <20060522161831.GL16695@binky.Central.Sun.COM>
Reply-to: Digital Identity Exchange <dix at ietf.org>

On 5/22/06, Nicolas Williams <Nicolas.Williams at sun.com> wrote:

As Sam says: the browser must change.


Sure, and I suspect almost all browser vendors are willing to do that,
but I think better security is an insufficient motivator for web
authors. The requirement for mutual authentication was interesting to
me. Groups extending Web formats and APIs[1] often encounter
situations where a slightly elevated trust level for certain scripts
would be useful.

Offering a carrot in the form of an extended JavaScript API for
authenticated scripts would probably accelerate deployment of these
new efforts.

[1] http://www.w3.org/2006/webapi/

--

Robert Sayre

_______________________________________________
dix mailing list
dix at ietf.org
https://www1.ietf.org/mailman/listinfo/dix

Follow-Ups:
- [dix] Re: [Ietf-http-auth] New draft on anti-phishing requirements
  - From: Nicolas Williams

References:
- [dix] New draft on anti-phishing requirements
  - From: Sam Hartman
- [dix] Re: [Ietf-http-auth] New draft on anti-phishing requirements
  - From: Eric Rescorla
- [dix] Re: [Ietf-http-auth] New draft on anti-phishing requirements
  - From: Robert Sayre
- [dix] Re: [Ietf-http-auth] New draft on anti-phishing requirements
  - From: Nicolas Williams

Prev by Date: [dix] Re: [Ietf-http-auth] New draft on anti-phishing requirements
Next by Date: [dix] Re: [Ietf-http-auth] New draft on anti-phishing requirements
Previous by thread: [dix] Re: [Ietf-http-auth] New draft on anti-phishing requirements
Next by thread: [dix] Re: [Ietf-http-auth] New draft on anti-phishing requirements
Index(es):
- Date
- Thread

[dix] Re: [Ietf-http-auth] New draft on anti-phishing requirements

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.