Re: [dix] Re: [Ietf-http-auth] New draft on anti-phishing requirements

To: Sam Hartman <hartmans-ietf at mit.edu>
Subject: Re: [dix] Re: [Ietf-http-auth] New draft on anti-phishing requirements
From: Eric Rescorla <ekr at networkresonance.com>
Date: Mon, 22 May 2006 10:12:49 -0700
Cc: Digital Identity Exchange <dix at ietf.org>, ietf-http-auth at lists.osafoundation.org, Nicolas Williams <Nicolas.Williams at sun.com>
In-reply-to: <tsly7wunfxb.fsf@cz.mit.edu> (Sam Hartman's message of "Mon, 22 May 2006 13:10:56 -0400")
List-archive: <http://www1.ietf.org/pipermail/dix>
List-help: <mailto:dix-request@ietf.org?subject=help>
List-id: Digital Identity Exchange <dix.ietf.org>
List-post: <mailto:dix@ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/dix>, <mailto:dix-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/dix>, <mailto:dix-request@ietf.org?subject=unsubscribe>
References: <tslr72mp213.fsf@cz.mit.edu> <868xou831c.fsf@raman.networkresonance.com> <20060522161457.GK16695@binky.Central.Sun.COM> <86wtce6n9e.fsf@raman.networkresonance.com> <tsly7wunfxb.fsf@cz.mit.edu>
Reply-to: EKR <ekr at networkresonance.com>, Digital Identity Exchange <dix at ietf.org>
User-agent: Gnus/5.1007 (Gnus v5.10.7) XEmacs/21.4.19 (berkeley-unix)

Sam Hartman <hartmans-ietf at mit.edu> writes:

>>>>>> "Eric" == Eric Rescorla <ekr at networkresonance.com> writes:
>
>     Eric> This is all pretty much laid out in the PwdHash and Felten
>     Eric> papers.
>
> Sure.  My goal here is to describe a series of reasonably obvious
> requirements so that we can evaluate solutions because we'e seen some
> solutions like the ones you cite that meet a large number of these
> conditions and we've seen other solutions that do not.

This was in response to Nico asking:

 "So, the protocols and the [secure] UI have to be "combined" -- can you
 expand on this? "


> I find specific requirements useful in such situations.

Right. I indicated in my message, I'm not sure this draft dissects the
reqts correctly.

-Ekr


_______________________________________________
dix mailing list
dix at ietf.org
https://www1.ietf.org/mailman/listinfo/dix

Follow-Ups:
- Re: [dix] Re: [Ietf-http-auth] New draft on anti-phishing requirements
  - From: Sam Hartman
- Re: [dix] Re: [Ietf-http-auth] New draft on anti-phishing requirements
  - From: Nicolas Williams

References:
- [dix] New draft on anti-phishing requirements
  - From: Sam Hartman
- [dix] Re: [Ietf-http-auth] New draft on anti-phishing requirements
  - From: Eric Rescorla
- Re: [dix] Re: [Ietf-http-auth] New draft on anti-phishing requirements
  - From: Nicolas Williams
- Re: [dix] Re: [Ietf-http-auth] New draft on anti-phishing requirements
  - From: Eric Rescorla
- Re: [dix] Re: [Ietf-http-auth] New draft on anti-phishing requirements
  - From: Sam Hartman

Prev by Date: Re: [dix] Re: [Ietf-http-auth] New draft on anti-phishing requirements
Next by Date: Re: [dix] Re: [Ietf-http-auth] New draft on anti-phishing requirements
Previous by thread: Re: [dix] Re: [Ietf-http-auth] New draft on anti-phishing requirements
Next by thread: Re: [dix] Re: [Ietf-http-auth] New draft on anti-phishing requirements
Index(es):
- Date
- Thread

Re: [dix] Re: [Ietf-http-auth] New draft on anti-phishing requirements

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.