Re: Symptoms vs. Causes

2007-09-11 13:56:50

Actually, a fundamental problem with the current protocol is that there
was little attention paid to the requirements of UI design experts. The
natural result is that application developers worked with what they had to
produce an interface usable by their average user. Any critique of the
protocol or new protocol in this space MUST consider interactive
usage AND unattended program-to-program authentication.

In the end 'phishing' is about UI and not protocols.

Dave Morris

On Tue, 11 Sep 2007, Sam Hartman wrote:

"Shumon" == Shumon Huque <shuque(_at_)isc(_dot_)upenn(_dot_)edu> writes:

    Shumon> And yes, I agree that a new properly designed version of
    Shumon> HTTP Digest authentication might be one way to help. As
    Shumon> well as the various zero knowledge protocols.

I believe that http digest plus channel bindings does meet all the
requirements that draft-hartman-webauth-phishing discusses for
authentication systems.  Clearly the protocol cannot define the UI issues.
