Re: [dix] Re: [Ietf-http-auth] New draft on anti-phishing requirements

To: Digital Identity Exchange <dix at ietf.org>
Subject: Re: [dix] Re: [Ietf-http-auth] New draft on anti-phishing requirements
From: Eric Rescorla <ekr at networkresonance.com>
Date: Thu, 25 May 2006 08:20:46 -0700
In-reply-to: <564522964.20060525203117@pobox.com> (Chris Drake's message of "Thu, 25 May 2006 20:31:17 +1000")
List-archive: <http://www1.ietf.org/pipermail/dix>
List-help: <mailto:dix-request@ietf.org?subject=help>
List-id: Digital Identity Exchange <dix.ietf.org>
List-post: <mailto:dix@ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/dix>, <mailto:dix-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/dix>, <mailto:dix-request@ietf.org?subject=unsubscribe>
References: <564522964.20060525203117@pobox.com>
Reply-to: EKR <ekr at networkresonance.com>, Digital Identity Exchange <dix at ietf.org>
User-agent: Gnus/5.1007 (Gnus v5.10.7) XEmacs/21.4.19 (berkeley-unix)

Chris Drake  <christopher at pobox.com> writes:

>>>>>> "Eric" == Eric Rescorla <ekr at networkresonance.com> writes:
>
>     >>  I don't believe that my requirements would require that the
>     >> relying party talk to the identity provider.
>
> How do you propose to protect my privacy in this scenario?  I do not
> want the same credentials of mine revealed when I log in to
> "shame-your-boss.com" as when I log in to my sourceforge account, but
> I would like to avoid having to remember multitudes of different
> usernames and passwords for every web site I visit, as well as enjoy
> phishing defences... 

And you'd prefer to have your identity provider have a record
of every site you've visited?

-Ekr

_______________________________________________
dix mailing list
dix at ietf.org
https://www1.ietf.org/mailman/listinfo/dix

Follow-Ups:
- Re: [dix] Re: [Ietf-http-auth] New draft on anti-phishing requirements
  - From: Eliot Lear
- Re[2]: [dix] Re: [Ietf-http-auth] New draft on anti-phishing requirements
  - From: Chris Drake
- Re: [dix] Re: [Ietf-http-auth] New draft on anti-phishing requirements
  - From: Nicolas Williams

References:
- Re: [dix] Re: [Ietf-http-auth] New draft on anti-phishing requirements
  - From: Chris Drake

Prev by Date: Re: [dix] Re: [Ietf-http-auth] New draft on anti-phishing requirements
Next by Date: Re: [dix] Re: [Ietf-http-auth] New draft on anti-phishing requirements
Previous by thread: Re: [dix] Re: [Ietf-http-auth] New draft on anti-phishing requirements
Next by thread: Re: [dix] Re: [Ietf-http-auth] New draft on anti-phishing requirements
Index(es):
- Date
- Thread

Re: [dix] Re: [Ietf-http-auth] New draft on anti-phishing requirements

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.