* James A. Donald:

> The obvious solution to the phishing crisis is the widespread
> deployment of SRP, but this does not seem to be happening. SASL-SRP was
> recently dropped. What is the problem?

There is no way to force an end user to enter a password only over SRP. That's why SRP is not effective against phishing (even the mimicry variant). In that regard, the password input field was a huge mistake.

Fortunately, it doesn't matter because today, we must assume that the client is thoroughly compromised, which means that entering passwords over SRP isn't safe, either.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]