RE: Symptoms vs. Causes
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Symptoms vs. Causes

I agree with Eliot and based upon what we know about phishing and UI, the more mandatory and automatic and easy to use you make the mutual authentication, and the less you leave to the user the better off you are.

 

From: Eliot Lear [mailto:lear at cisco.com]
Sent: Wednesday, September 12, 2007 3:59 AM
To: Eric Rescorla
Cc: ietf at ietf.org
Subject: Re: Symptoms vs. Causes

 

Eric Rescorla wrote:

 
In the end 'phishing' is about UI and not protocols.
    
 
Quite so.
 


It's about both.  We can severely limit phishing through the use of mutual authentication.  The UI part is that whatever mutual authentication you use has to be both mandatory AND easy to use.  The IETF has a responsibility in as much as we need to provide the protocol infrastructure that allows the UIs to be correct.  IMHO it's not just our responsibility - W3C has a role to play, and so do the IEEE and the ITU in as much as today's smart cards aren't really that smart.

Eliot

_______________________________________________
Ietf mailing list
Ietf at ietf.org
https://www1.ietf.org/mailman/listinfo/ietf

Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.