- From: Eliot Lear <lear@cisco.com>
- Date: Fri, 08 Jun 2007 14:46:24 +0000
- To: Henrik Nordstrom <henrik@henriknordstrom.net>
- Cc: Chris Newman <Chris.Newman@Sun.COM>, Apps Discuss <discuss@apps.ietf.org>, Mark Nottingham <mnot@mnot.net>, "ietf-http-wg@w3.org Group" <ietf-http-wg@w3.org>
Henrik Nordstrom wrote:
> Just a reflection on the phishing problem.
>
> IMHO this is more of a UA and education problem, not so much a protocol
> problem even if having something more secure than Digest would be a good
> thing. But you should also be aware that making HTTP authentication
> stronger won't make any of the common forms of phishing much harder.
>
I disagree in the strongest possible terms. This *is* a problem we can
solve technically. It's just that no one has the will to do it and
we've organized ourselves so that the work cannot be done in one place.
If you had a component that was separate from your workstation, that had
but a single function – authentication – we could write appropriate APIs
and protocols to access that device such that you would never log in
without using it. The riskiest functions would be registration. In
that single area would I view this as an education problem, but even there,
if we came up with a standard way to legitimately register individuals
we could probably make that problem much more solvable.
The problem is this:
* Registration and authentication occur with the forms interface that W3C handles;
* The APIs are owned in large part by Microsoft and IEEE (POSIX);
* IETF owns the wire protocol
* Smartcard design is done by numerous (ISO, IEEE, other)
But to not attempt to solve these problems is dereliction of duty to the
community we as an organization are supposed to be serving. The LEAST
the IETF can do is put forth an authentication mechanism that solves the
wire protocol problem. It should jive with the other functions as they
evolve and provide flexibility to the organizations in question to offer
opaque communications so we can have better authentication mechanisms as
time goes on.
It's just shameful. And yes, I suppose I'm being a bit emotive, but we
have GOT to get off the dime, and the ONLY work that does so in this
space right now is Sam's draft and that of Leif Johannson.
> Then there is also the single-sign-on issue, but that's more of an
> implementation thing than protocol. Digest fits just as fine in
> single-sign-on models as the NTLM or Negotiate schemes widely deployed
> for the purpose today, but due to it being a different authentication
> mechanism than used for the desktop it's not used in that context.
>
I disagree with you on this as well, but then the term "single sign-on"
is so overloaded we really can't argue the point without debating the
term first. So I'll define it as only requiring one password to do
whatever it is I want to do (what the DIX/WAE BoFs called "Eliot's Dad's
Problem").
But I also think there's no use in me whining about the lack of this
stuff, and so I suppose it's time to shut up and either write a draft
that actually attempts to address Sam's concerns or build some code to
match some existing drafts, and then we can see how far off we are.
Eliot
Received on Friday, 8 June 2007 15:20:03 UTC