Re: [dix] Re: [Ietf-http-auth] New draft on anti-phishing requirements

To: Eric Rescorla <ekr at networkresonance.com>
Subject: Re: [dix] Re: [Ietf-http-auth] New draft on anti-phishing requirements
From: Nicolas Williams <Nicolas.Williams at sun.com>
Date: Mon, 22 May 2006 12:21:09 -0500
Cc: Digital Identity Exchange <dix at ietf.org>, ietf-http-auth at lists.osafoundation.org, Sam Hartman <hartmans-ietf at mit.edu>
In-reply-to: <86r72m6l0u.fsf@raman.networkresonance.com>
List-archive: <http://www1.ietf.org/pipermail/dix>
List-help: <mailto:dix-request@ietf.org?subject=help>
List-id: Digital Identity Exchange <dix.ietf.org>
List-post: <mailto:dix@ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/dix>, <mailto:dix-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/dix>, <mailto:dix-request@ietf.org?subject=unsubscribe>
References: <tslr72mp213.fsf@cz.mit.edu> <868xou831c.fsf@raman.networkresonance.com> <20060522161457.GK16695@binky.Central.Sun.COM> <86wtce6n9e.fsf@raman.networkresonance.com> <tsly7wunfxb.fsf@cz.mit.edu> <86r72m6l0u.fsf@raman.networkresonance.com>
Reply-to: Digital Identity Exchange <dix at ietf.org>
User-agent: Mutt/1.5.7i

On Mon, May 22, 2006 at 10:12:49AM -0700, Eric Rescorla wrote:
> Sam Hartman <hartmans-ietf at mit.edu> writes:
> 
> >>>>>> "Eric" == Eric Rescorla <ekr at networkresonance.com> writes:
> >
> >     Eric> This is all pretty much laid out in the PwdHash and Felten
> >     Eric> papers.
> >
> > Sure.  My goal here is to describe a series of reasonably obvious
> > requirements so that we can evaluate solutions because we'e seen some
> > solutions like the ones you cite that meet a large number of these
> > conditions and we've seen other solutions that do not.
> 
> This was in response to Nico asking:
> 
>  "So, the protocols and the [secure] UI have to be "combined" -- can you
>  expand on this? "

I asked two other questions in the same paragraph.  All three were aimed
at rooting out whether you happen to be in broad agreement with Sam's
position.  This particular question was aimed at understanding in what
respects your view differs from Sam's.  Pointing me at these papers
doesn't answer my question :)

But I'll score you two as being in broad agreement anyways (if nothing
else it's a safe bet).

Nico
-- 

_______________________________________________
dix mailing list
dix at ietf.org
https://www1.ietf.org/mailman/listinfo/dix

References:
- [dix] New draft on anti-phishing requirements
  - From: Sam Hartman
- [dix] Re: [Ietf-http-auth] New draft on anti-phishing requirements
  - From: Eric Rescorla
- Re: [dix] Re: [Ietf-http-auth] New draft on anti-phishing requirements
  - From: Nicolas Williams
- Re: [dix] Re: [Ietf-http-auth] New draft on anti-phishing requirements
  - From: Eric Rescorla
- Re: [dix] Re: [Ietf-http-auth] New draft on anti-phishing requirements
  - From: Sam Hartman
- Re: [dix] Re: [Ietf-http-auth] New draft on anti-phishing requirements
  - From: Eric Rescorla

Prev by Date: Re: [dix] Re: [Ietf-http-auth] New draft on anti-phishing requirements
Next by Date: Re: [dix] Re: [Ietf-http-auth] New draft on anti-phishing requirements
Previous by thread: Re: [dix] Re: [Ietf-http-auth] New draft on anti-phishing requirements
Next by thread: Re: [dix] Re: [Ietf-http-auth] New draft on anti-phishing requirements
Index(es):
- Date
- Thread

Re: [dix] Re: [Ietf-http-auth] New draft on anti-phishing requirements

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.