Re: [dix] Re: [Ietf-http-auth] New draft on anti-phishing requirements
Chris Drake <christopher at pobox.com> writes:
> ER> Chris Drake <christopher at pobox.com> writes:
>
>>>>>>>> "Eric" == Eric Rescorla <ekr at networkresonance.com> writes:
>>>
>>> >> I don't believe that my requirements would require that the
>>> >> relying party talk to the identity provider.
>>>
>>> How do you propose to protect my privacy in this scenario? I do not
>>> want the same credentials of mine revealed when I log in to
>>> "shame-your-boss.com" as when I log in to my sourceforge account, but
>>> I would like to avoid having to remember multitudes of different
>>> usernames and passwords for every web site I visit, as well as enjoy
>>> phishing defences...
>
> ER> And you'd prefer to have your identity provider have a record
> ER> of every site you've visited?
>
> Which would you prefer?
>
> Neither is ideal - the best solution would in fact *be* neither, but
> if I'm *forced* to let either the site who I chose to trust with my
> identity and privacy know where I go, or, let everywhere I go know who
> I am - I'll reluctantly choose the former.
Right, but you're not forced to. This sort of problem is fairly
well covered in the cryptographic literature.
> Additionally - I can't, off the top of my head, think how to get my
> long-term credential into the relying party's web site without using
> HTTP redirects (introducing the referrer problem), extra installed
> software components (which corporate/internet-cafe users won't have
> permission to install), or users copy/pasting things into input boxes
> (tricky, unsafe, no phishing protection)
Basically any solution which is going to be phishing safe is
likely to involve modifying the browser somehow.
-Ekr
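Ekr's reply says the privacy problem is covered in the cryptographic literature but names no construction, and Chris's message asks how a long-term credential can reach a relying party without redirects or copy/paste. The following is an added illustration, not code from this thread or from either author: the simplest form of the "neither" option, in which the client derives a distinct pseudonym and secret key per relying-party origin from one master secret. The identity provider is never contacted at login, so it keeps no visit log; two sites see unrelated identifiers, so they cannot correlate the user; and because the derivation is bound to the canonical origin, a lookalike phishing host obtains a credential that fails against the real site. The master secret and the origin strings are constructed sample values. The full anonymous-credential schemes Ekr alludes to go further (unlinkable proofs of IdP-issued attributes); this shows only the per-site separation, and it still requires the browser to hold the secret and do the derivation, which is exactly the "modify the browser" point.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

# Constructed sample master secret for the demo. A real client generates
# this once per user and keeps it in browser-protected storage; it never
# leaves the client.
SAMPLE_MASTER_SECRET = bytes.fromhex("0f" * 32)


def canonical_origin(url: str) -> str:
    """Reduce a URL to scheme://host:port so equivalent spellings of the
    same site derive the same credential, and nothing else does."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in ("http", "https") or not parts.hostname:
        raise ValueError(f"unsupported origin: {url!r}")
    port = parts.port or (443 if scheme == "https" else 80)
    # urlsplit().hostname is already lower-cased.
    return f"{scheme}://{parts.hostname}:{port}"


def _derive(master: bytes, label: bytes, origin: str) -> bytes:
    # Domain-separated HMAC: the label keeps the public pseudonym and the
    # secret key independent even though both come from the same master.
    return hmac.new(master, label + b"|" + origin.encode(), hashlib.sha256).digest()


def site_pseudonym(master: bytes, url: str) -> str:
    """Per-site identifier. Without the master secret, pseudonyms for two
    sites are unlinkable, so neither site nor an IdP learns the other."""
    return _derive(master, b"pseudonym", canonical_origin(url)).hex()


def site_key(master: bytes, url: str) -> bytes:
    """Per-site secret for challenge-response. Registered with the site
    once; later logins only prove possession of it."""
    return _derive(master, b"key", canonical_origin(url))


def answer_challenge(key: bytes, challenge: bytes) -> bytes:
    return hmac.new(key, challenge, hashlib.sha256).digest()


def site_verifies(registered_key: bytes, challenge: bytes, response: bytes) -> bool:
    return hmac.compare_digest(answer_challenge(registered_key, challenge), response)


def login_succeeds(master: bytes, site_url: str, url_user_is_on: str) -> bool:
    """Simulated login: the genuine site holds the key registered for
    site_url; the browser answers with the key it derives for the page it
    is actually on. A phishing origin derives a different key and fails."""
    registered = site_key(master, site_url)
    challenge = secrets.token_bytes(16)
    response = answer_challenge(site_key(master, url_user_is_on), challenge)
    return site_verifies(registered, challenge, response)


if __name__ == "__main__":
    for site in ("https://sourceforge.net/", "https://shame-your-boss.com/"):
        print(site, site_pseudonym(SAMPLE_MASTER_SECRET, site))
    print("genuine:", login_succeeds(SAMPLE_MASTER_SECRET,
                                     "https://sourceforge.net/",
                                     "https://sourceforge.net/"))
    print("lookalike:", login_succeeds(SAMPLE_MASTER_SECRET,
                                       "https://sourceforge.net/",
                                       "https://sourceforge.net.evil.example/"))
```

Two caveats worth noting. The symmetric per-site key means each site holds a shared secret; compromise of one site exposes only that site's key, but a per-site signing keypair (registering only the public key) would remove even that exposure at the cost of more code. And the scheme provides no way for the relying party to learn anything the IdP vouches for (age, employer, and so on); that is where the anonymous-credential literature comes in.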
_______________________________________________
dix mailing list
dix at ietf.org
https://www1.ietf.org/mailman/listinfo/dix
Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.