Re: Pondering some issues on the phishing draft
2007-10-24 10:07:47
On Wed, Oct 24, 2007 at 10:36:41AM +1000, christopher@pobox.com wrote:
> I'd recommend something different; outside the box.  If you're worried
> about people using UI clues, and you need mutual auth, and you need
> per-site security (like pwdhash), it might be best to build all these
> in together in a way that users cannot ignore.  eg: If PayPal assigned
> me a yellow tennis shoe jpeg, and I've got to click that to log in,
> that's an elegant small part of the solution that solves all these
> problems (and, doesn't need everyone to have admin rights to install
> crypto extensions on every PC they use)

Phishers want your money.  Your passwords are gravy.  As long as
phishers can mount an MITM attack, your scheme fails.  Phishing is
essentially a MITM attack or built on MITM attacks.

You need mutual authentication and end-to-end integrity and (if you want
it) confidentiality protection, where the ends are the user agent and
the relying party.

Some folks are talking about pushing authentication down the stack
(e.g., into TLS) to achieve this.  Others are talking about pushing
integrity and confidentiality protection up the stack (e.g., using
S/MIME and to hell with TLS).  Still others are talking about channel
binding (leaving authentication above TLS and integ/conf protection at
the TLS layer and binding the two to prevent MITMs).  Any of these
solutions could do.  But there will be a big UI component -- that little
lock icon doesn't cut it.

Nico
-- 
_______________________________________________
Ietf-http-auth mailing list
Ietf-http-auth@osafoundation.org
http://lists.osafoundation.org/cgi-bin/mailman/listinfo/ietf-http-auth
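The channel-binding option Nico describes, as an added illustration that is not part of the original message: a toy model (the handshake transcripts, the password-to-key derivation and the HMAC authenticator are all constructed assumptions, not any standard's exact encoding) in which the application-layer proof covers a per-TLS-session value, so a proof produced on the victim's session does not verify on the session a relay opens to the real site.

```python
import hashlib
import hmac
import os


def channel_id(handshake_transcript: bytes) -> bytes:
    """Stand-in for a TLS channel-binding value such as tls-unique: a hash of
    the handshake, so every TLS session yields a distinct value."""
    return hashlib.sha256(handshake_transcript).digest()


def client_proof(password: str, server_nonce: bytes, cb: bytes) -> bytes:
    """Application-layer authenticator: HMAC over the server's nonce and the
    channel binding the user agent observes on its OWN TLS session."""
    key = hashlib.sha256(password.encode()).digest()  # toy stand-in for a real KDF
    return hmac.new(key, server_nonce + cb, hashlib.sha256).digest()


def server_verify(password: str, server_nonce: bytes, cb: bytes, proof: bytes) -> bool:
    """The relying party recomputes the proof over the channel binding of the
    TLS session *it* terminated; a proof bound to another session fails."""
    expected = client_proof(password, server_nonce, cb)
    return hmac.compare_digest(expected, proof)


def direct_login(password: str) -> bool:
    """One TLS session end-to-end between user agent and relying party."""
    cb = channel_id(b"constructed handshake: user-agent<->relying-party")
    nonce = os.urandom(16)
    return server_verify(password, nonce, cb, client_proof(password, nonce, cb))


def relayed_login(password: str) -> bool:
    """The MITM case from the message: the user agent's TLS session ends at
    the phisher, who holds a second TLS session to the real site and forwards
    the nonce and the proof unchanged. The two sessions bind differently."""
    cb_victim_side = channel_id(b"constructed handshake: user-agent<->phisher")
    cb_server_side = channel_id(b"constructed handshake: phisher<->relying-party")
    nonce = os.urandom(16)  # the real server's nonce, relayed to the victim
    forwarded_proof = client_proof(password, nonce, cb_victim_side)
    return server_verify(password, nonce, cb_server_side, forwarded_proof)


if __name__ == "__main__":
    print("direct login verifies: ", direct_login("correct horse"))   # True
    print("relayed login verifies:", relayed_login("correct horse"))  # False
```

Without the channel binding in the HMAC input the relayed proof would verify, which is the point of the message: authentication above TLS has to be tied to the TLS session the relying party actually sees.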
