On Fri, Feb 01, 2008 at 07:58:16PM +0000, Steven M. Bellovin wrote:
> On Fri, 01 Feb 2008 13:29:52 +1300
> [EMAIL PROTECTED] (Peter Gutmann) wrote:
> > (Anyone have any clout with Firefox or MS? Without significant
> > browser support it's hard to get any traction, but the browser
> > vendors are too busy chasing phantoms like EV certs).
> >
> The big issue is prompting the user for a password in a way that no one
> will confuse with a web site doing so. Given all the effort that's
> been put into making Javascript more and more powerful, and given
> things like picture-in-picture attacks, I'm not optimistic. It might
> have been the right thing, once upon a time, but the horse may be too
> far out of the barn by now to make it worthwhile closing the barn door.

And on top of that web site designers don't want browser dialogs for HTTP/TLS authentication.