Re: Symptoms vs. Causes

Actually, a fundamental problem with the current protocol is that there
was little attention paid to the requirements of UI design experts. The
natural result is that application developers worked with what they had to
produce an interface usable by their average user. Any critique of the
protocol or new protocol in this space MUST consider interactive
usage AND unattended program-to-program authentication.

In the end 'phishing' is about UI and not protocols.

Dave Morris

On Tue, 11 Sep 2007, Sam Hartman wrote:

> >>>>> "Shumon" == Shumon Huque <shuque at isc.upenn.edu> writes:
>
>     Shumon> And yes, I agree that a new properly designed version of
>     Shumon> HTTP Digest authentication might be one way to help. As
>     Shumon> well as the various zero knowledge protocols.
>
> I believe that http digest plus channel bindings does meet all the
> requirements that draft-hartman-webauth-phishing discusses for
> authentication systems.  Clearly the protocol cannot define the UI issues.

Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.
