[dix] Re: [Ietf-http-auth] Notes on Web authentication enhancements

To: Dick Hardt <dick at sxip.com>
Subject: [dix] Re: [Ietf-http-auth] Notes on Web authentication enhancements
From: Eric Rescorla <ekr at networkresonance.com>
Date: Fri, 23 Jun 2006 21:11:21 -0700
Cc: dix at ietf.org, ietf-http-auth at lists.osafoundation.org
In-reply-to: <F9C501D4-3A95-49C7-9648-FC49200AD5D2@sxip.com> (Dick Hardt's message of "Fri, 23 Jun 2006 18:51:26 -0700")
List-archive: <http://www1.ietf.org/pipermail/dix>
List-help: <mailto:dix-request@ietf.org?subject=help>
List-id: Digital Identity Exchange <dix.ietf.org>
List-post: <mailto:dix@ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/dix>, <mailto:dix-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/dix>, <mailto:dix-request@ietf.org?subject=unsubscribe>
References: <20060619220742.40B85222427@laser.networkresonance.com> <10123324-6DF8-4DF9-B9FC-0E3BE0FF363D@yahoo-inc.com> <86lkrnfqv3.fsf@raman.networkresonance.com> <F9C501D4-3A95-49C7-9648-FC49200AD5D2@sxip.com>
Reply-to: EKR <ekr at networkresonance.com>, Digital Identity Exchange <dix at ietf.org>
User-agent: Gnus/5.1007 (Gnus v5.10.7) XEmacs/21.4.19 (berkeley-unix)

Dick Hardt <dick at sxip.com> writes:
>> Part of the problem is that the user and the software have
>> a different view of the RP's identity. The software knows that
>> C1tibank and Citibank are different, but the user does not.
>
> Minor clarification: I was at the recent Anti Phishing Working Group
> meeting and many phishing attacks are gathering personal data in
> addition to or instead of the user's password.

Fair enough....

-Ekr

_______________________________________________
dix mailing list
dix at ietf.org
https://www1.ietf.org/mailman/listinfo/dix

References:
- [dix] Notes on Web authentication enhancements
  - From: Eric Rescorla
- [dix] Re: [Ietf-http-auth] Notes on Web authentication enhancements
  - From: Mark Nottingham
- [dix] Re: [Ietf-http-auth] Notes on Web authentication enhancements
  - From: Eric Rescorla
- [dix] Re: [Ietf-http-auth] Notes on Web authentication enhancements
  - From: Dick Hardt

Prev by Date: [dix] Re: [Ietf-http-auth] Notes on Web authentication enhancements
Next by Date: [dix] Re: [Ietf-http-auth] Notes on Web authentication enhancements
Previous by thread: [dix] Re: [Ietf-http-auth] Notes on Web authentication enhancements
Next by thread: [dix] Re: [Ietf-http-auth] Notes on Web authentication enhancements
Index(es):
- Date
- Thread

[dix] Re: [Ietf-http-auth] Notes on Web authentication enhancements

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.