RE: Symptoms vs. Causes

And one that W3C is currently working on.
 
I am on the W3C Web Security Context call at this very minute.

 

From: Eliot Lear [mailto:lear at cisco.com]
Sent: Wed 12/09/2007 10:20 AM
To: Eric Rescorla
Cc: ietf at ietf.org; Eliot Lear
Subject: Re: Symptoms vs. Causes

Eric,
> As I noted in my review, we already have a number of protocols which
> potentially provide this functionality, including mutual authentication.
>  

And I think looking at protocols without an understanding of how they
are used and how they interact with the UI is just as wrong as
attempting to fix the problem simply within the UI.  You wrote that some
mechanisms could be made to work.  You might be right, but I'm not
convinced.  Someone actually has to write out how these mechanisms, such
as challenge/response ARE made to work with a web browser and a
transactional protocol, such that they also actually solve Eliot's Dad's
problem (EDP ;-) of the user not shooting themselves in the foot by
transmitting the same credential to multiple disparate relying parties
(or authenticating services, if you will).

That's fully in scope for this organization, btw.  Or for W3C.

Eliot

_______________________________________________
Ietf mailing list
Ietf at ietf.org
https://www1.ietf.org/mailman/listinfo/ietf


Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.
