Re: [Ietf-http-auth] Request for review and consensus -- draft-hartman-webauth-phishing

SM <sm@resistor.net> Sat, 20 September 2008 08:53 UTC

Return-Path: <sm@resistor.net>
X-Original-To: ietf-http-auth@osafoundation.org
Delivered-To: ietf-http-auth@osafoundation.org
Received: from laweleka.osafoundation.org (laweleka.osafoundation.org [204.152.186.98]) by leilani.osafoundation.org (Postfix) with ESMTP id 25F8D80D8D for <ietf-http-auth@osafoundation.org>; Sat, 20 Sep 2008 01:53:29 -0700 (PDT)
Received: from localhost (laweleka.osafoundation.org [127.0.0.1]) by laweleka.osafoundation.org (Postfix) with ESMTP id 759AD142217 for <ietf-http-auth@osafoundation.org>; Sat, 20 Sep 2008 01:53:27 -0700 (PDT)
X-Virus-Scanned: by amavisd-new and clamav at osafoundation.org
X-Spam-Score: -2.907
X-Spam-Level:
X-Spam-Status: No, score=-2.907 tagged_above=-50 required=4 tests=[AWL=-0.308, BAYES_00=-2.599]
Received: from laweleka.osafoundation.org ([127.0.0.1]) by localhost (laweleka.osafoundation.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qO+ttFZVapc0 for <ietf-http-auth@osafoundation.org>; Sat, 20 Sep 2008 01:53:14 -0700 (PDT)
Received: from ns1.qubic.net (ns1.qubic.net [208.69.177.116]) by laweleka.osafoundation.org (Postfix) with ESMTP id E2FC7142212 for <ietf-http-auth@osafoundation.org>; Sat, 20 Sep 2008 01:53:14 -0700 (PDT)
Received: from subman.resistor.net ([10.0.0.1]) (authenticated bits=0) by ns1.qubic.net (8.14.3/8.14.3) with ESMTP id m8K8qiRg007025 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Sat, 20 Sep 2008 01:52:51 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=resistor.net; s=mail; t=1221900773; x=1221987173; bh=FbyhRfYSneCi/Qdc0pDN5+d+8ZiHfSOs0ojN oapVS/M=; h=Message-Id:Date:To:From:Subject:Cc:In-Reply-To: References:Mime-Version:Content-Type; b=3DepPWVGxKOVGicrO7iRu6Zuu0 M4I7EEOFbbzImhBGnVSO4H8EOLcyM0oRRsLG2+eHP5AonG/Ry5Qn0nOTSpH/qMFP+rz YY4lJsFtdXU37XbQD+SSnKqLo5q+8Hmv0Gpbmg+XbFmnNgKUBhaKNaxPFeCZbZGGRD+ DUYQnBxS5j8=
DomainKey-Signature: a=rsa-sha1; s=mail; d=resistor.net; c=simple; q=dns; b=3nhs4UzRh2Fru99ZtLa9LmY0QOG0egPgALaMQP6sYfSaSOgLDXrWy8/1mk9JNWWWg EXhiaL6DM7ZswPiJiUTIM1b+gtVo6E9lqKGMejiXbcIGRbb2z61Dx3JtJcHCPyvDX3w Kyq+KXET8BGtx9TJBEH2crTLc2FuPU/7+hYTSxQ=
Message-Id: <6.2.5.6.2.20080919235846.02fcb0f0@resistor.net>
X-Mailer: QUALCOMM Windows Eudora Version 6.2.5.6
Date: Sat, 20 Sep 2008 01:52:30 -0700
To: Tom Yu <tlyu@MIT.EDU>
From: SM <sm@resistor.net>
Subject: Re: [Ietf-http-auth] Request for review and consensus -- draft-hartman-webauth-phishing
In-Reply-To: <ldvk5d9wcw1.fsf@cathode-dark-space.mit.edu>
References: <6.2.5.6.2.20080909153753.02f54d98@resistor.net> <ldvk5d9wcw1.fsf@cathode-dark-space.mit.edu>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format="flowed"
Cc: ietf-http-auth@osafoundation.org
X-BeenThere: ietf-http-auth@osafoundation.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: ietf-http-auth.osafoundation.org
List-Unsubscribe: <http://lists.osafoundation.org/cgi-bin/mailman/listinfo/ietf-http-auth>, <mailto:ietf-http-auth-request@osafoundation.org?subject=unsubscribe>
List-Archive: <http://lists.osafoundation.org/pipermail/ietf-http-auth>
List-Post: <mailto:ietf-http-auth@osafoundation.org>
List-Help: <mailto:ietf-http-auth-request@osafoundation.org?subject=help>
List-Subscribe: <http://lists.osafoundation.org/cgi-bin/mailman/listinfo/ietf-http-auth>, <mailto:ietf-http-auth-request@osafoundation.org?subject=subscribe>
X-List-Received-Date: Sat, 20 Sep 2008 08:53:29 -0000

Hi Tom,
At 11:02 18-09-2008, Tom Yu wrote:
>I have repeatedly heard, from various people in the IETF, statements
>to the effect of "it's a user interface design consideration, so we
>don't have to worry about it".  Your statement above might not be an
>expression of this sentiment, but I think the point is worth
>addressing.

We do have to worry and care about user interface considerations.  I 
was focusing on what part of the problem the IETF may be able to 
address and which part may be better suited for the W3C.

>The IETF should certainly care about user interface design, but in a
>very particular way: the protocols that the IETF designs place
>constraints on user interface designers, and these constraints can
>drive user interface design in ways that dramatically affect the
>security and quality of the end user experience.

Agreed.  That's why it's better to work with user interface designers 
to find out the constraints the protocol places on their work and how 
they affect the security of the end user experience.  It's all part of the chain.

Regards,
-sm