Re: [dix] Re: [Ietf-http-auth] BOF Request: WARP - Web Authentication Resistant to Phishing




Sam Hartman <hartmans-ietf at mit.edu> writes:

>>>>>> "Pete" == Pete Rowley <prowley at redhat.com> writes:
>
>     Pete> It is a requirement if you require to support more than
>     Pete> authN.  Access to a site might require an "I am over 21"
>     Pete> token, authZ without direct authN - DIX supports that, and I
>     Pete> believe it is important to do so.
>
> I think the over-21 example is particularly bad because I cannot
> imagine a site (at least in the US) not taking responsibility for that
> check themselves based on demographic data they request.  It seems
> like way too much of a risk to outsource this to an identity provider
> especially if you allow identities from a number of different identity
> providers.

I'm surprised to see you make this claim, since outsourced
adult verification services for porn sites are extremely common.

http://en.wikipedia.org/wiki/Adult_Verification_System

-Ekr

_______________________________________________
dix mailing list
dix at ietf.org
https://www1.ietf.org/mailman/listinfo/dix



