On 24-Jun-06, at 9:23 AM, Ben Laurie wrote:
>> On a related note, the primary security threat I saw with DIX was how
>> the user knows they are at their IdP. DIX considers that out of band
>> as there does not need to be a standard way of doing it for DIX, each
>> IdP could do it a different way, and given this is a place the user
>> is visiting often whose purpose is to make sure the user knows they
>> are at the IdP and the IdP to have certainty it is the user, the
>> investment in stronger authN for both the user and the site is
>> worthwhile.
>
> Isn't this essentially the primary security threat behind all
> phishing?
Agreed. My point is that it is much easier to solve it in one place
than on all sites. The IdP can become a combination of client side
and server side code to deal much more effectively with the phishing
issue. It is unreasonable for every site to do that.
-- Dick
_______________________________________________
dix mailing list
[email protected]
https://www1.ietf.org/mailman/listinfo/dix