-- In the SSL thread various solutions were proposed, or rather existing solutions pointed to:
1. SSH just works. So generalizing from the success of SSH, the browser should remember who you have relationships with, and the keys of the people you have relationships with. To avoid the name overload problem, those relationships should be named by Zooko's triangle, as the petname tool does, and should be a special kind of favorite, as the petname tool makes them. This requires that establishing a relationship, and verifying a shared secret, should be part of the browser chrome, as it is with SSH, rather than a particular application of generic web forms, as it is with existing practice. So when you hit a phisher, significantly different chrome comes up. 2. Phishers are after shared secrets, so secure each shared secret, and thus each relationship, with SRP-TLS-OpenSSL This also requires that establishing a relationship, and verifying a shared secret, should be part of the browser chrome, rather than a particular application of generic web forms. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG 8epIQqxZ+sfUW+5ao0hWd4g/hAhRlqifZr6xWoQn 47kvMBcL6UqQ54XSgEcxbJd8xqAh2LSxufi/3IBdG --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]