Re: Symptoms vs. Causes

None of the systems I mentioned (TLS-PSK, SRP, PwdHash) has this
problem--provided that the user actually uses the new authentication
method and doesn't type his password into some Web form. But of 
course that's a UI problem, not a protocol problem.

and IMHO, any solution that doesn't let the user type his password into
some Web form is a non-starter,
both for reasons of backward compatibility and because sites (quite
legitimately) want to provide a
visually attractive interface to users which is consistent across all
platforms (for support reasons).


This may well be true. 

However, I'm not aware of any technique which both meets this constraint
and is phishing resistant.

nor I.  but the first step in solving an unsolvable problem is realizing
what you're up against.


_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf

<Prev in Thread]	Current Thread	[Next in Thread>
Re: Symptoms vs. Causes, (continued) Re: Symptoms vs. Causes, Eric Rescorla Re: Symptoms vs. Causes, Eliot Lear Re: Symptoms vs. Causes, Eric Rescorla Re: Symptoms vs. Causes, Eliot Lear Re: Symptoms vs. Causes, Eric Rescorla Re: Symptoms vs. Causes, Eliot Lear Re: Symptoms vs. Causes, Eric Rescorla Re: Symptoms vs. Causes, Eliot Lear Re: Symptoms vs. Causes, Keith Moore Re: Symptoms vs. Causes, Eric Rescorla Re: Symptoms vs. Causes, Keith Moore <= Its an IRTF issue at this point RE: Symptoms vs. Causes, Hallam-Baker, Phillip RE: Symptoms vs. Causes, michael.dillon Re: Symptoms vs. Causes, Eric Rescorla RE: Symptoms vs. Causes, michael.dillon Re: Symptoms vs. Causes, Eric Rescorla RE: Symptoms vs. Causes, Hallam-Baker, Phillip RE: Symptoms vs. Causes, Hallam-Baker, Phillip Re: Symptoms vs. Causes (was next step on web phishing draft), Bernard Aboba