RE: Symptoms vs. Causes

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



I agree with Eliot and based upon what we know about phishing and UI, the more mandatory and automatic and easy to use you make the mutual authentication, and the less you leave to the user the better off you are.

 


From: Eliot Lear [mailto:lear@xxxxxxxxx]
Sent: Wednesday, September 12, 2007 3:59 AM
To: Eric Rescorla
Cc: ietf@xxxxxxxx
Subject: Re: Symptoms vs. Causes

 

Eric Rescorla wrote:

 
In the end 'phishing' is about UI and not protocols.
    
 
Quite so.
  


It's about both.  We can severely limit phishing through the use of mutual authentication.  The UI part is that whatever mutual authentication you use has to be both mandatory AND easy to use.  The IETF has a responsibility in as much as we need to provide the protocol infrastructure that allows the UIs to be correct.  IMHO it's not just our responsibility - W3C has a role to play, and so do the IEEE and the ITU in as much as today's smart cards aren't really that smart.

Eliot

_______________________________________________

Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf

[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]