Nicolas Williams <[EMAIL PROTECTED]> writes:
> On Mon, May 22, 2006 at 08:58:23AM -0700, Eric Rescorla wrote:
>> 1. This is not principally a protocol problem but rather a UI problem.
>
> I've not read Sam's I-D yet, but he did present to me last week, so
> perhaps I can comment.
>
> This is not just a UI problem, and there are several problems.

I agree that there are several problems, but only some subset of those
problems are the "phishing" problem.

>> The protocol problems are generally well understood. If the UI
>> problems are solved, nearly any protocol will work. In particular,
>> there have been a number of published designs [1] [2] that have mostly
>> adequate (though not perfect) protocols, though without complete
>> solutions to the UI problem. Indeed, a slightly different design
>> for Digest (in which the absolute URI was hashed) combined with
>> a secure UI would pretty much defeat current phishing attacks.
>
> So, the protocols and the [secure] UI have to be "combined" -- can you
> expand on this?

This is all pretty much laid out in the PwdHash and Felten papers.

-Ekr

_______________________________________________
dix mailing list
[email protected]
https://www1.ietf.org/mailman/listinfo/dix
