Re: [dix] Agenda bashing

Eric Rescorla <ekr@networkresonance.com> Tue, 04 July 2006 15:20 UTC

To: Haripriya S <sharipriya@novell.com>
Subject: Re: [dix] Agenda bashing
References: <20060703172550.A182A222425@laser.networkresonance.com> <44A973DC.9040801@cisco.com> <44A973DC.9040801@cisco.com> <86zmfqa0au.fsf@raman.networkresonance.com> <44AA8C35.A648.00B6.0@novell.com>
From: Eric Rescorla <ekr@networkresonance.com>
Date: Tue, 04 Jul 2006 06:59:39 -0700
In-Reply-To: <44AA8C35.A648.00B6.0@novell.com> (Haripriya S.'s message of "Tue, 04 Jul 2006 04:11:40 -0600")
Message-ID: <864pxxa2t0.fsf@raman.networkresonance.com>
Cc: Digital Identity Exchange <dix@ietf.org>

"Haripriya S" <sharipriya@novell.com> writes:

> pwdHash can address two problems: 
>  a. theft of the passwords from one website and using the same at other
> websites
>  b. theft of passwords for the target website by phishing
> But techniques like pwdHash cannot prevent phishing attacks where the
> phishing sites do not even validate the password from the user, but go
> on to prompt and capture long-term credentials from the user like credit
> cards etc. As Eliot pointed out, in such cases it is the server which
> needs to be authenticated in a phish-proof way.

That's one way to look at it. Another is that this is just another
password and should be solved with the same approach.

-Ekr
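The per-site hashing discussed in the quoted message, as an added example that is not part of this thread or of the real PwdHash extension: a simplified PwdHash-style derivation (HMAC over the site's host, keyed by the master password; the real extension's exact hash and encoding differ, so that construction is an assumption here) showing how problems (a) and (b) are covered while a credit-card field typed into a phishing page is sent exactly as entered.

```python
import base64
import hashlib
import hmac
from urllib.parse import urlsplit


def site_key(url: str) -> str:
    """Reduce a URL to the host that the per-site hash is bound to.

    Simplification (assumption): the real extension also collapses
    subdomains to the registered domain; here the full host is used.
    """
    return (urlsplit(url).hostname or "").lower()


def derive_site_password(master_password: str, url: str, length: int = 16) -> str:
    """Derive a site-specific password from a master password and the site host.

    Constructed illustration of the PwdHash idea: the master password never
    leaves the browser, only HMAC(master, host), so a hash captured by one
    host is useless at any other host (problems a and b in the thread).
    """
    key = master_password.encode("utf-8")
    mac = hmac.new(key, site_key(url).encode("utf-8"), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).decode("ascii")[:length]


def submit_form(fields: dict, url: str, master_password: str) -> dict:
    """Model what leaves the browser for a form posted to `url`.

    Only the password field is rewritten per-site; every other field
    (e.g. a credit-card number) is sent as typed, which is exactly the
    limitation the quoted message describes.
    """
    sent = {}
    for name, value in fields.items():
        if name == "password":
            sent[name] = derive_site_password(master_password, url)
        else:
            sent[name] = value  # not protected by per-site hashing
    return sent


if __name__ == "__main__":
    # Constructed sample: same master password, real site vs. look-alike host.
    real = derive_site_password("correct horse", "https://bank.example/login")
    phish = derive_site_password("correct horse", "https://bank-example.test/login")
    print("real site :", real)
    print("phish site:", phish, "(differs, so it cannot be replayed)")
```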



_______________________________________________
dix mailing list
dix@ietf.org
https://www1.ietf.org/mailman/listinfo/dix