I-D Action:draft-hartman-webauth-phishing-07.txt
Internet-Drafts@ietf.org Sun, 13 July 2008 20:30 UTC
Return-Path: <i-d-announce-bounces@ietf.org>
X-Original-To: i-d-announce-archive@megatron.ietf.org
Delivered-To: ietfarch-i-d-announce-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id A53E53A68B3; Sun, 13 Jul 2008 13:30:02 -0700 (PDT)
X-Original-To: i-d-announce@ietf.org
Delivered-To: i-d-announce@core3.amsl.com
Received: by core3.amsl.com (Postfix, from userid 0) id A41CD3A68B3; Sun, 13 Jul 2008 13:30:01 -0700 (PDT)
From: Internet-Drafts@ietf.org
To: i-d-announce@ietf.org
Subject: I-D Action:draft-hartman-webauth-phishing-07.txt
Content-Type: Multipart/Mixed; Boundary="NextPart"
Mime-Version: 1.0
Message-Id: <20080713203001.A41CD3A68B3@core3.amsl.com>
Date: Sun, 13 Jul 2008 13:30:01 -0700
X-BeenThere: i-d-announce@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: internet-drafts@ietf.org
List-Id: Internet Draft Announcements only <i-d-announce.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/i-d-announce>, <mailto:i-d-announce-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/i-d-announce>
List-Post: <mailto:i-d-announce@ietf.org>
List-Help: <mailto:i-d-announce-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/i-d-announce>, <mailto:i-d-announce-request@ietf.org?subject=subscribe>
Sender: i-d-announce-bounces@ietf.org
Errors-To: i-d-announce-bounces@ietf.org
A New Internet-Draft is available from the on-line Internet-Drafts directories. Title : Requirements for Web Authentication Resistant to Phishing Author(s) : S. Hartman Filename : draft-hartman-webauth-phishing-07.txt Pages : 25 Date : 2008-07-13 This memo proposes requirements for protocols between web identity providers and users and for requirements for protocols between identity providers and relying parties. These requirements minimize the likelihood that criminals will be able to gain the credentials necessary to impersonate a user or be able to fraudulently convince users to disclose personal information. To meet these requirements browsers must change. Websites must never receive information such as passwords that can be used to impersonate the user to third parties. Browsers should perform mutual authentication and flag situations when the target website is not authorized to accept the identity being offered as this is a strong indication of fraud. These requirements may serve as a basis for requirements for preventing fraud in environments other than the web. A URL for this Internet-Draft is: http://www.ietf.org/internet-drafts/draft-hartman-webauth-phishing-07.txt Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ Below is the data which will enable a MIME compliant mail reader implementation to automatically retrieve the ASCII version of the Internet-Draft.
_______________________________________________ I-D-Announce mailing list I-D-Announce@ietf.org https://www.ietf.org/mailman/listinfo/i-d-announce Internet-Draft directories: http://www.ietf.org/shadow.html or ftp://ftp.ietf.org/ietf/1shadow-sites.txt
- I-D Action:draft-hartman-webauth-phishing-07.txt Internet-Drafts