Re: [dix] Re: [Ietf-http-auth] Notes on Web authentication enhancements

Sam Hartman <hartmans-ietf@mit.edu> Fri, 07 July 2006 14:19 UTC

Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1FyrAb-0004dw-PF; Fri, 07 Jul 2006 10:19:01 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1FyrAb-0004dr-9S for dix@ietf.org; Fri, 07 Jul 2006 10:19:01 -0400
Received: from carter-zimmerman.suchdamage.org ([69.25.196.178] helo=carter-zimmerman.mit.edu) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1FyrAa-0006A4-16 for dix@ietf.org; Fri, 07 Jul 2006 10:19:01 -0400
Received: by carter-zimmerman.mit.edu (Postfix, from userid 8042) id E5DC5E0079; Fri, 7 Jul 2006 10:19:23 -0400 (EDT)
From: Sam Hartman <hartmans-ietf@mit.edu>
To: Dick Hardt <dick@sxip.com>
Subject: Re: [dix] Re: [Ietf-http-auth] Notes on Web authentication enhancements
References: <20060619220742.40B85222427@laser.networkresonance.com> <2EFA8C54-9BF9-41CA-ABD0-D6286601A5B1@sxip.com> <868xnnfarh.fsf@raman.networkresonance.com> <528CC6D5-3549-438F-88AE-61D610B9D92F@sxip.com> <1b587cab0606240923sd7f435ds7fbf1aeecf2b304f@mail.google.com> <E2067EC0-B18E-433B-940C-BE30463396AA@sxip.com> <tslac7ma4o4.fsf@cz.mit.edu> <4C91C488-0D77-4204-A0F0-0005D0691F19@sxip.com>
Date: Fri, 07 Jul 2006 10:19:23 -0400
In-Reply-To: <4C91C488-0D77-4204-A0F0-0005D0691F19@sxip.com> (Dick Hardt's message of "Thu, 6 Jul 2006 21:32:53 -0700")
Message-ID: <tslirm95wgk.fsf@cz.mit.edu>
User-Agent: Gnus/5.110004 (No Gnus v0.4) Emacs/21.4 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
X-Spam-Score: 0.1 (/)
X-Scan-Signature: 0bc60ec82efc80c84b8d02f4b0e4de22
Cc: Digital Identity Exchange <dix@ietf.org>, ietf-http-auth@lists.osafoundation.org
X-BeenThere: dix@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: Digital Identity Exchange <dix@ietf.org>
List-Id: Digital Identity Exchange <dix.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/dix>, <mailto:dix-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/dix>
List-Post: <mailto:dix@ietf.org>
List-Help: <mailto:dix-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/dix>, <mailto:dix-request@ietf.org?subject=subscribe>
Errors-To: dix-bounces@ietf.org

>>>>> "Dick" == Dick Hardt <dick@sxip.com> writes:


    Dick> 1) Most sites are not targeted by phishers today, and
Agreed.

    Dick> unlikely to be targeted in the future, so they should not be
    Dick> forced to put in technology for resolving phishing.

Disagree.  As you start to see reuse of identity, you will see people
moving from targeting primary targets to targeting other sites where
credentials may be harvested.

I think anyone who accepts identity information will ultimately be a
target.

    Dick> 2) Currently the user has NO trusted site or client and is
    Dick> easily phished. Once the user has one trusted software
    Dick> system, then that system can more easily determine the
    Dick> identity of other sites. In other words, the user will not
    Dick> have to build up the full assurance stack with each site,
    Dick> the user can leverage something they already trust to assist
    Dick> in making the trust decision.

I more or less completely disagree with the above, especially with the
idea that the user will ever have one trusted software system.


_______________________________________________
dix mailing list
dix@ietf.org
https://www1.ietf.org/mailman/listinfo/dix