Thread: New draft on anti-phishing requirements




New draft on anti-phishing requirements
user name
2006-05-22 17:12:49
Sam Hartman <hartmans-ietfmit.edu> writes:

>>>>>> "Eric" == Eric Rescorla <ekrnetworkresonance.com> writes:
>
>     Eric> This is all pretty much laid out in the PwdHash and Felten
>     Eric> papers.
>
> Sure.  My goal here is to describe a series of reasonably obvious
> requirements so that we can evaluate solutions because we've seen some
> solutions like the ones you cite that meet a large number of these
> conditions and we've seen other solutions that do not.

This was in response to Nico asking:

 "So, the protocols and the [secure] UI have to be "combined" -- can you
 expand on this? "


> I find specific requirements useful in such situations.

Right. I indicated in my message, I'm not sure this draft dissects the
reqts correctly.

-Ekr

_______________________________________________
Ietf-http-auth mailing list
Ietf-http-authosafoundation.org
http://lists.osafoundation.org/cgi-bin/mailman/listinfo/ietf-http-auth
New draft on anti-phishing requirements
user name
2006-05-22 17:22:37
>>>>> "Eric" == Eric Rescorla <ekrnetworkresonance.com> writes:
    Eric> Right. I indicated in my message, I'm not sure this draft
    Eric> dissects the reqts correctly.

Understood. However all your criticisms to date have been rather minor.

New draft on anti-phishing requirements
user name
2006-05-22 17:21:09
On Mon, May 22, 2006 at 10:12:49AM -0700, Eric Rescorla wrote:
> Sam Hartman <hartmans-ietfmit.edu> writes:
>
> >>>>>> "Eric" == Eric Rescorla <ekrnetworkresonance.com> writes:
> >
> >     Eric> This is all pretty much laid out in the PwdHash and Felten
> >     Eric> papers.
> >
> > Sure.  My goal here is to describe a series of reasonably obvious
> > requirements so that we can evaluate solutions because we've seen some
> > solutions like the ones you cite that meet a large number of these
> > conditions and we've seen other solutions that do not.
>
> This was in response to Nico asking:
>
>  "So, the protocols and the [secure] UI have to be "combined" -- can you
>  expand on this? "

I asked two other questions in the same paragraph.  All three were aimed
at rooting out whether you happen to be in broad agreement with Sam's
position.  This particular question was aimed at understanding in what
respects your view differs from Sam's.  Pointing me at these papers
doesn't answer my question.

But I'll score you two as being in broad agreement anyways (if nothing
else it's a safe bet).

Nico