Re: [dix] Re: [Ietf-http-auth] New draft on anti-phishing requirements

To: EKR <ekr at networkresonance.com>, Digital Identity Exchange <dix at ietf.org>
Subject: Re: [dix] Re: [Ietf-http-auth] New draft on anti-phishing requirements
From: Eliot Lear <lear at cisco.com>
Date: Mon, 29 May 2006 15:11:16 +0200
Authentication-results: sj-dkim-8.cisco.com; header.From=lear@cisco.com; dkim=pass ( sig from cisco.com verified; );
Cc:
Dkim-signature: a=rsa-sha1; q=dns; l=358; t=1148908269; x=1149772269; c=relaxed/simple; s=sjdkim8001; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; i=lear@cisco.com; z=From:Eliot=20Lear=20<lear@cisco.com> |Subject:Re=3A=20[dix]=20Re=3A=20[Ietf-http-auth]=20New=20draft=20on=20anti-phish ing=20requirements; X=v=3Dcisco.com=3B=20h=3DjhQDcTD+XgEaQcIJE/1ENIAkbx4=3D; b=WsHITKWbsmS1WeVlgEQafUEdIMZ3RDpzIy2TaqppblnRtAkj3vLlWr5rL4dHlilg3MdLmrMa FsZ8Xkb0XKqZLtdVhXuwkhqwz6ONR6an7y03rO0lVpRKCBHtgkEMyZYq;
In-reply-to: <86mzd62ks1.fsf@raman.networkresonance.com>
List-archive: <http://www1.ietf.org/pipermail/dix>
List-help: <mailto:dix-request@ietf.org?subject=help>
List-id: Digital Identity Exchange <dix.ietf.org>
List-post: <mailto:dix@ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/dix>, <mailto:dix-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/dix>, <mailto:dix-request@ietf.org?subject=unsubscribe>
References: <564522964.20060525203117@pobox.com> <86mzd62ks1.fsf@raman.networkresonance.com>
Reply-to: Digital Identity Exchange <dix at ietf.org>
User-agent: Thunderbird 1.5.0.2 (Macintosh/20060308)

Eric Rescorla wrote:
> And you'd prefer to have your identity provider have a record
> of every site you've visited?
>   

What if the identity provider is an identity subsystem either on your
own computer or in some adjunct such as a smart card?  Then this problem
does not come up.  See December 2004 USENIX Login: Security Special issue.

Eliot

_______________________________________________
dix mailing list
dix at ietf.org
https://www1.ietf.org/mailman/listinfo/dix

References:
- Re: [dix] Re: [Ietf-http-auth] New draft on anti-phishing requirements
  - From: Chris Drake
- Re: [dix] Re: [Ietf-http-auth] New draft on anti-phishing requirements
  - From: Eric Rescorla

Prev by Date: Re: [dix] Re: [Ietf-http-auth] New draft on anti-phishing requirements
Next by Date: [dix] draft-merrells-use-cases-04.txt
Previous by thread: Re: [dix] Re: [Ietf-http-auth] New draft on anti-phishing requirements
Next by thread: [dix] draft-merrells-use-cases-04.txt
Index(es):
- Date
- Thread

Re: [dix] Re: [Ietf-http-auth] New draft on anti-phishing requirements

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.