At Wed, 12 Sep 2007 09:59:25 +0200, Eliot Lear wrote: > > [1 <text/plain; ISO-8859-1 (7bit)>] > Eric Rescorla wrote: > >> In the end 'phishing' is about UI and not protocols. > >> > > > > Quite so. > > > > It's about both. We can severely limit phishing through the use of > mutual authentication. This is one possible approach, but not the only one. In fact, it's one of my principal objections to Sam's document, so I'll refer you to my review here. > The UI part is that whatever mutual > authentication you use has to be both mandatory AND easy to use. And, of course, spoofing resistant, which is the major unsolved problem. > The > IETF has a responsibility in as much as we need to provide the protocol > infrastructure that allows the UIs to be correct. As I noted in my review, we already have a number of protocols which potentially provide this functionality, including mutual authentication. -Ekr _______________________________________________ Ietf@xxxxxxxx https://www1.ietf.org/mailman/listinfo/ietf