At Wed, 12 Sep 2007 09:59:25 +0200,
Eliot Lear wrote:
[1 <text/plain; ISO-8859-1 (7bit)>]
Eric Rescorla wrote:
In the end 'phishing' is about UI and not protocols.
Quite so.
It's about both. We can severely limit phishing through the use of
mutual authentication.
This is one possible approach, but not the only one. In fact, it's
one of my principal objections to Sam's document, so I'll refer
you to my review here.
The UI part is that whatever mutual
authentication you use has to be both mandatory AND easy to use.
And, of course, spoofing resistant, which is the major unsolved
problem.
The
IETF has a responsibility in as much as we need to provide the protocol
infrastructure that allows the UIs to be correct.
As I noted in my review, we already have a number of protocols which
potentially provide this functionality, including mutual authentication.
-Ekr
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf