Re: [dix] Agenda bashing

Eric Rescorla <ekr@networkresonance.com> Mon, 03 July 2006 20:41 UTC

To: Digital Identity Exchange <dix@ietf.org>
Subject: Re: [dix] Agenda bashing
References: <20060703172550.A182A222425@laser.networkresonance.com> <44A973DC.9040801@cisco.com>
From: Eric Rescorla <ekr@networkresonance.com>
Date: Mon, 03 Jul 2006 13:41:29 -0700
In-Reply-To: <44A973DC.9040801@cisco.com> (Eliot Lear's message of "Mon, 03 Jul 2006 21:45:32 +0200")
Message-ID: <86zmfqa0au.fsf@raman.networkresonance.com>

Eliot Lear <lear@cisco.com> writes:

> Eric Rescorla wrote:
>> That's *one* way to attack phishing (at least the current form).
>> There are others (cf. PwdHash)
>
> I'm sorry, but PwdHash is not enough of a reference for me to
> understand,

http://crypto.stanford.edu/PwdHash/

It's the first hit in Google, FWIW.


> but I claim that the most *effective* way to prevent
> phishing is to demand that the server prove its identity enough to know
> the right question to ask of the client.  If PwdHash covers this ground,
> then we agree.

It doesn't. It uses an entirely different technique.

I don't think it's profitable to argue about what "most effective"
is, but I don't agree that the mechanism you describe is the only
one.

-Ekr
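To make concrete why PwdHash is a different technique from server identity proof, here is an added example (not code from this thread or from the PwdHash project) of domain-keyed password hashing: the browser derives a per-site password from the user's master password and the site's domain, so whatever a lookalike site captures is not the value the real site expects. It assumes a simplified HMAC-SHA256 construction and a two-label domain heuristic; the real PwdHash extension uses HMAC-MD5, a different encoding, and a public-suffix list.

```python
"""PwdHash-style domain-keyed password derivation (simplified; the real
extension uses HMAC-MD5 and a different output encoding)."""
import hashlib
import hmac
from urllib.parse import urlparse


def site_domain(url: str) -> str:
    """Approximate the registrable domain as the last two hostname labels.
    Assumption: adequate for bank.example-style names; real PwdHash consults
    a suffix list so that co.uk-style names are handled correctly."""
    host = (urlparse(url).hostname or "").lower().rstrip(".")
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def derive_site_password(master_password: str, url: str) -> str:
    """Keyed hash of the site's domain under the user's master password.
    The site only ever sees this derived value, never the master password,
    and the value is bound to the domain the browser actually connected to."""
    domain = site_domain(url)
    mac = hmac.new(master_password.encode(), domain.encode(), hashlib.sha256)
    # Hex-encode and truncate to a length that typical login forms accept.
    return mac.hexdigest()[:20]


def phishing_capture_is_useless(master: str, real_url: str, phish_url: str) -> bool:
    """True when the value a lookalike site would capture differs from the
    value the genuine site expects, i.e. no server identity check was needed."""
    return derive_site_password(master, phish_url) != derive_site_password(master, real_url)


if __name__ == "__main__":
    master = "correct horse battery staple"           # constructed sample
    real = "https://www.bank.example/login"           # constructed sample
    phish = "https://bank-example.test/login"         # constructed lookalike
    print("real site receives :", derive_site_password(master, real))
    print("lookalike receives :", derive_site_password(master, phish))
    print("capture useless    :", phishing_capture_is_useless(master, real, phish))
```

The same master password yields the same derived value on every page of the genuine domain, which is what lets the user keep a single memorised secret.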
