Heikki Toivonen wrote:
Ka-Ping Yee wrote:1. We want an antiphishing tool that does not transmit a record of the user's browsing activity.Good.2. We want an antiphishing tool that occupies modest or minimal screen space.Good.3. We want an antiphishing tool that is deployable without requiring major changes to server security infrastructure.Any short term solution will have a requirement that says: no server changes required. Long term everything is possible, but the less changes the better, of course. I think a fourth point is required as well: 4. No (or minimal) input from user. Current SSL system generally requires no input from user (exceptions are when some problem with the certificate the server presents). petname is an example where input is required for every SSL-enabled site the user visits more than once. And perhaps another point should be explicitly mentioned: 5. Easy to use. You could elaborate 5th a lot: trivially easy to use, idiot-proof, fail safely, ...
4. The Mozilla Foundation wants an anti phishing tool that will most likely only be noticed when you turn your monitor up side down i.e. in the status bar instead of the location bar!
Michael. _______________________________________________ Mozilla-security mailing list [email protected] http://mail.mozilla.org/listinfo/mozilla-security
