A New Internet-Draft is available from the on-line Internet-Drafts directories.
Title : Requirements for Web Authentication Resistant to Phishing
Author(s) : S. Hartman
Filename : draft-hartman-webauth-phishing-07.txt
Pages : 25
Date : 2008-07-13
This memo proposes requirements for protocols between web identity
providers and users and for requirements for protocols between
identity providers and relying parties. These requirements minimize
the likelihood that criminals will be able to gain the credentials
necessary to impersonate a user or be able to fraudulently convince
users to disclose personal information. To meet these requirements
browsers must change. Websites must never receive information such
as passwords that can be used to impersonate the user to third
parties. Browsers should perform mutual authentication and flag
situations when the target website is not authorized to accept the
identity being offered as this is a strong indication of fraud.
These requirements may serve as a basis for requirements for
preventing fraud in environments other than the web.
A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-hartman-webauth-phishing-07.txt
Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/
Below is the data which will enable a MIME compliant mail reader
implementation to automatically retrieve the ASCII version of the
Internet-Draft.
- <ftp://ftp.ietf.org/internet-drafts/draft-hartman-webauth-phishing-07.txt>
-
_______________________________________________
I-D-Announce@ietf.org
https://www.ietf.org/mailman/listinfo/i-d-announce
Internet-Draft directories: http://www.ietf.org/shadow.html
or ftp://ftp.ietf.org/ietf/1shadow-sites.txt
