Eliot Lear <[EMAIL PROTECTED]> wrote:
> Pete,
> > So, from the conversation so far, these are the architectural/protocol
> > issues I think need discussing at the BOF:
> >
> > - Discussion of the scope and number of the mechanisms. There seem to
> > be desires for (1) the ability for the user to identify to the server
> > (probably authenticating, preventing phishing as much as possible),
> > (2) the ability to transfer user attributes to the server, (3) the
> > ability to store user attributes remotely, and (4) the ability for a
> > 3rd-party to warrant user attribute claims.
>
> On point (1) in order to fix phishing it is the server that must
> properly authenticate to the user (e.g., other way round).

That's *one* way to attack phishing (at least the current form).
There are others (cf. PwdHash)

-Ekr

_______________________________________________
dix mailing list
[email protected]
https://www1.ietf.org/mailman/listinfo/dix
