RE: [dix] Re: [Ietf-http-auth] Notes on Web authenticationenhancements

"Hallam-Baker, Phillip" <pbaker@verisign.com> Fri, 07 July 2006 20:06 UTC

To: Dick Hardt <dick@sxip.com>, Sam Hartman <hartmans-ietf@mit.edu>
Cc: Digital Identity Exchange <dix@ietf.org>, ietf-http-auth@lists.osafoundation.org

> 1) Most sites are not targeted by phishers today, and 
> unlikely to be targeted in the future, so they should not be 
> forced to put in technology for resolving phishing.

This is completely wrong.

Every type of site is targeted by criminal schemes; blogs are currently targets for spam and for dropping trojans onto user machines via spyware.

If I can get hold of a blogger's username and password I can install a trojan dropper onto their site. Blogger has been infested with hundreds of thousands of sites with music backgrounds provided by spyware companies. 

There are already extensive attacks against search engines. If you can see the searches someone has done recently you can quickly build up a picture to use in an identity theft.
> 2) Currently the user has NO trusted site or client and is 
> easily phished. Once the user has one trusted software 
> system, then that system can more easily determine the 
> identity of other sites. In other words, the user will not 
> have to build up the full assurance stack with each site, the 
> user can leverage something they already trust to assist in 
> making the trust decision.

The problem is not a lack of trusted sites, it is a lack of sites that are trustWORTHY.
