Re: [dix] Re: [Ietf-http-auth] Notes on Web authentication enhancements
Sam Hartman <hartmans-ietf@mit.edu> Fri, 07 July 2006 14:19 UTC
From: Sam Hartman <hartmans-ietf@mit.edu>
To: Dick Hardt <dick@sxip.com>
Subject: Re: [dix] Re: [Ietf-http-auth] Notes on Web authentication enhancements
Date: Fri, 07 Jul 2006 10:19:23 -0400
In-Reply-To: <4C91C488-0D77-4204-A0F0-0005D0691F19@sxip.com> (Dick Hardt's message of "Thu, 6 Jul 2006 21:32:53 -0700")
Cc: Digital Identity Exchange <dix@ietf.org>, ietf-http-auth@lists.osafoundation.org
>>>>> "Dick" == Dick Hardt <dick@sxip.com> writes:

    Dick> 1) Most sites are not targeted by phishers today, and

Agreed.

    Dick> unlikely to be targeted in the future, so they should not be
    Dick> forced to put in technology for resolving phishing.

Disagree. As you start to see reuse of identity, you will see people
moving from targeting primary targets to targeting other sites where
credentials may be harvested. I think anyone who accepts identity
information will ultimately be a target.

    Dick> 2) Currently the user has NO trusted site or client and is
    Dick> easily phished. Once the user has one trusted software
    Dick> system, then that system can more easily determine the
    Dick> identity of other sites. In other words, the user will not
    Dick> have to build up the full assurance stack with each site,
    Dick> the user can leverage something they already trust to assist
    Dick> in making the trust decision.

I more or less completely disagree with the above, especially with the
idea that the user will ever have one trusted software system.