"Shumon" == Shumon Huque <shuque(_at_)isc(_dot_)upenn(_dot_)edu> writes:
Shumon> And yes, I agree that a new properly designed version of
Shumon> HTTP Digest authentication might be one way to help. As
Shumon> well as the various zero knowledge protocols.
I believe that http digest plus channel bindings does meet all the
requirements that draft-hartman-webauth-phishing discusses for
authentication systems. Clearly the protocol cannot define the UI issues.
I'm not sure I prefer the approach of revising http digest, but I do
believe it would meet the requirements of my draft.
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf