Its an IRTF issue at this point RE: Symptoms vs. Causes

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Title: Re: Symptoms vs. Causes
I suggest people take a look at CardSpace before continuing this thread.
 
I don't use username/password at all and it is one heck of a lot nicer to use than any system that does. I can in addition make use of a password, smart-token or OTP token but there is no need for a username.
 
Kick this to the IRTF and start an interest/research group there if we are going to do anything.

From: Keith Moore [mailto:moore@xxxxxxxxxx]
Sent: Wed 12/09/2007 11:39 AM
To: Eric Rescorla
Cc: ietf@xxxxxxxx; Eliot Lear
Subject: Re: Symptoms vs. Causes


>>> None of the systems I mentioned (TLS-PSK, SRP, PwdHash) has this
>>> problem--provided that the user actually uses the new authentication
>>> method and doesn't type his password into some Web form. But of
>>> course that's a UI problem, not a protocol problem.
>>>  
>>>      
>> and IMHO, any solution that doesn't let the user type his password into
>> some Web form is a non-starter,
>> both for reasons of backward compatibility and because sites (quite
>> legitimately) want to provide a
>> visually attractive interface to users which is consistent across all
>> platforms (for support reasons).
>>    
>
> This may well be true.
>
> However, I'm not aware of any technique which both meets this constraint
> and is phishing resistant.
>  
nor I.  but the first step in solving an unsolvable problem is realizing
what you're up against.


_______________________________________________
Ietf mailing list
Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf

_______________________________________________

Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf
[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]