Eric Rescorla wrote:
In the end 'phishing' is about UI and not protocols.
Quite so.
It's about both. We can severely limit phishing through the use of
mutual authentication. The UI part is that whatever mutual
authentication you use has to be both mandatory AND easy to use. The
IETF has a responsibility in as much as we need to provide the protocol
infrastructure that allows the UIs to be correct. IMHO it's not just
our responsibility - W3C has a role to play, and so do the IEEE and the
ITU in as much as today's smart cards aren't really that smart.
Eliot
_______________________________________________
Ietf mailing list
Ietf@ietf.org
https://www1.ietf.org/mailman/listinfo/ietf