At Wed, 12 Sep 2007 17:08:05 +0200, Eliot Lear wrote:

> > Eric,
> >
> > Each of these approaches has a fairly obvious architecture. In fact,
> > Digest, which I forgot to mention in my previous message,
> > already has a pre-existing architecture, and PwdHash works with
> > the existing architecture.
> >
> > You have to put the two together.
>
> ALL of the approaches that you mention fail given an insecure UI.

It depends what you mean by "secure UI". If you mean "unspoofable password entry prompt", that's one thing. If you mean "client side software that's not susceptible to malware, keyloggers, etc.", that's quite another. All the approaches I mention work just fine with the first class of secure UI--provided we knew how to build one that people could actually use.

> NONE of them are likely to be applicable given a secure UI.

I don't agree with this assertion.

> What will be necessary is a secured channel from the authentication module of the user to the authenticating party.

What's an "authentication module"? You seem to be assuming a particular system architecture that you haven't laid out.

-Ekr

_______________________________________________
Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf