>>>>> "Dick" == Dick Hardt <[EMAIL PROTECTED]> writes:
Dick> Agreed. My point is that it is much easier to solve it in
Dick> one place then on all sites. The IdP can become a
Dick> combination of client side and server side code to deal much
Dick> more effectively with the phishing issue. It is unreasonable
Dick> for every site to do that.
I'm missing something here. Long term, it seems like all the clients
are going to need to change so that they can interact with the new
IDPs. Long term, the servers are definitely going to need to change
so they can accept information from the IDPs. I don't see why it is
unreasonable to solve this on all sites long-term. In fact, I believe
we're going to have to in order to deal with my requirement 4.4
(mutual authentication). And yes, I think that requirement is really
important because without it, you don't have assurance that you aren't
giving personal information to the wrong party--you don't have
assurance that you aren't being phished.
I think the question we should be asking in this space is whether
there is something we can do in short-to-medium term that has
acceptable intermediate security. A quetion you're presumably
interested in is whether DIX or something close to it would be such a
something.
I don't know what my answer to that question is. I hope to have
decided by the end of the BOF.
_______________________________________________
dix mailing list
[email protected]
https://www1.ietf.org/mailman/listinfo/dix
