ietf
[Top] [All Lists]

Re: security features.... (Re: Facts, please)

2006-09-19 11:52:46
Robert Sayre wrote:
On 9/19/06, Harald Alvestrand <harald(_at_)alvestrand(_dot_)no> wrote:
Robert Sayre wrote:

I don't disagree. The IETF might first try to design an authentication
feature worth requiring. None of the current options are at all
satisfactory.

In fact TLS + HTTP Basic Auth is pretty interoperable, secure against
quite a few attacks, and widely deployed.

Ah, this is the "wink, wink" approach to mandatory authentication.
Specify something no one uses. Here is my bank's web site:
<http://www.chase.com/>. It looks like a phishing attack.

If you try https://www.chase.com it redirects you to
http://www.chase.com.  How lame.

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf
<Prev in Thread] Current Thread [Next in Thread>