* James A. Donald:
> --
> Florian Weimer wrote:
>> There is no way to force an end user to enter a
>> password only over SRP.
>
> Phishing relies on the login page looking familiar. If
> SRP is in the browser chrome, and looks strikingly
> different from any web page, the login page will not
On Thu, 1 Jun 2006, James A. Donald wrote:
> SRP necessarily runs in the chrome, in the client
> software, not in the web page, therefore the chrome,
> should put up an image that cannot be convincingly
> imitated by html
Sure, i agree. I only brought this up to point out that SRP
alone doesn't s
--
Florian Weimer wrote:
> There is no way to force an end user to enter a
> password only over SRP.
Phishing relies on the login page looking familiar. If
SRP is in the browser chrome, and looks strikingly
different from any web page, the login page will not
look familiar.
> Fortunately, i
--
James A. Donald wrote:
> > The obvious solution to the phishing crisis is the
> > widespread deployment of SRP
Lance James
> I disagree here, I don't think this will stop phishing
> for many reasons. Please explain how it would. It will
> stop "man-in-the-middle" attacks on the protocol, b
--
Ka-Ping Yee wrote:
> "Phishing" can mean a few different things. If by
> "phishing" you mean the stealing of passwords, then
> yes, SRP would help to eliminate that problem, but
> users could still be fooled into giving away their SRP
> passwords if the user interface for entering the
> pa
<[EMAIL PROTECTED]> writes:
>I am also interested in Opportunistic Encryption. Even if it is not as
>secure as a manually configured VPN, I am willing to trade that for what it
>does provide. I have looked at setting up OpenSWAN in OE mode, but frankly
>it is daunting even for the reasonably gee
* James A. Donald:
> The obvious solution to the phishing crisis is the widespread
> deployment of SRP, but this does not seem to happening. SASL-SRP was
> recently dropped. What is the problem?
There is no way to force an end user to enter a password only over
SRP. That's why SRP is not effec
- Original Message -
From: "James A. Donald" <[EMAIL PROTECTED]>
Subject: Status of SRP
The obvious solution to the phishing crisis is the widespread deployment
of SRP, but this does not seem to happening. SASL-SRP was recently
dropped. What is the problem?
The problem is that you
Quoting "James A. Donald" <[EMAIL PROTECTED]>:
The obvious solution to the phishing crisis is the widespread
deployment of SRP, but this does not seem to happening. SASL-SRP was
recently dropped. What is the problem?
Patents.
-derek
--
Derek Atkins, SB '93 MIT EE, SM '95 MIT Media L
Lance James wrote:
> James A. Donald wrote:
>
>> The obvious solution to the phishing crisis is the widespread
>> deployment of SRP, but this does not seem to happening. SASL-SRP was
>> recently dropped. What is the problem?
>>
>
>
I want to clarify, because by typing to fast, i think
James A. Donald wrote:
> The obvious solution to the phishing crisis is the widespread
> deployment of SRP, but this does not seem to happening. SASL-SRP was
> recently dropped. What is the problem?
I disagree here, I don't think this will stop phishing for many reasons.
Please explain how it wo
We tend to think of traffic analysis as a modern technique, but it's
actually quite old. Here is a message from a spy, observing the
activities of two of (English Queen) Elizabeth I's courtiers, whom he
suspected of trying to manipulate her successor:
many secret meetings are made between
On Wed, 31 May 2006, James A. Donald wrote:
> The obvious solution to the phishing crisis is the widespread deployment
> of SRP, but this does not seem to happening. SASL-SRP was recently
> dropped. What is the problem?
"Phishing" can mean a few different things. If by "phishing" you
mean the s
On Wed, May 31, 2006 at 09:41:57AM +1000, James A. Donald wrote:
> The obvious solution to the phishing crisis is the widespread deployment
> of SRP, but this does not seem to happening. SASL-SRP was recently
> dropped. What is the problem?
The obvious solution is perhaps more difficult to de
On Wed, May 31, 2006 at 08:56:53AM +1000, James A. Donald wrote:
> Active attacks are rare, possibly nonexistent except for
> Wifi. If NSA and the other TLAs were doing active
> attacks, they would be detected some of the time. They
> don't like being detected.
Active attacks at the network lay
15 matches
Mail list logo