Eliot Lear <[EMAIL PROTECTED]> writes:
> Eric Rescorla wrote:
>> That's *one* way to attack phishing (at least the current form).
>> There are others (cf. PwdHash)
>>
>
> I'm sorry, but PwdHash is not enough of a reference for me to
> understand,

http://crypto.stanford.edu/PwdHash/

It's the first hit in Google, FWIW.

> but I claim that the most *effective* way to prevent
> phishing is to demand that the server prove its identity enough to know
> the right question to ask of the client. If PwdHash covers this ground,
> then we agree.

It doesn't. It uses an entirely different technique. I don't
think it's profitable to argue about what "most effective" is,
but I don't agree that the mechanism you describe is the only one.

-Ekr

_______________________________________________
dix mailing list
[email protected]
https://www1.ietf.org/mailman/listinfo/dix
