
RE: Symptoms vs. Causes

2007-09-12 02:28:40
I agree with Eliot, and based upon what we know about phishing and UI, the
more mandatory and automatic and easy to use you make the mutual
authentication, and the less you leave to the user, the better off you are.

 

  _____  

From: Eliot Lear [mailto:lear(_at_)cisco(_dot_)com] 
Sent: Wednesday, September 12, 2007 3:59 AM
To: Eric Rescorla
Cc: ietf(_at_)ietf(_dot_)org
Subject: Re: Symptoms vs. Causes

 

Eric Rescorla wrote:

In the end 'phishing' is about UI and not protocols.

Quite so.

It's about both.  We can severely limit phishing through the use of mutual
authentication.  The UI part is that whatever mutual authentication you use
has to be both mandatory AND easy to use.  The IETF has a responsibility
inasmuch as we need to provide the protocol infrastructure that allows the
UIs to be correct.  IMHO it's not just our responsibility - W3C has a role
to play, and so do the IEEE and the ITU inasmuch as today's smart cards
aren't really that smart.

Eliot
