W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2011

Re: [apps-discuss] [saag] [websec] [kitten] HTTP authentication: the next generation

From: Zed A. Shaw <zedshaw@zedshaw.com>
Date: Sun, 9 Jan 2011 12:16:27 -0800
To: Ben Laurie <benl@google.com>
Cc: Blaine Cook <romeda@gmail.com>, Phillip Hallam-Baker <hallam@gmail.com>, "apps-discuss@ietf.org" <apps-discuss@ietf.org>, David Morris <dwm@xpasc.com>, websec <websec@ietf.org>, "kitten@ietf.org" <kitten@ietf.org>, "http-auth@ietf.org" <http-auth@ietf.org>, "saag@ietf.org" <saag@ietf.org>, "ietf-http-wg@w3.org Group" <ietf-http-wg@w3.org>
Message-ID: <20110109201627.GC12542@zedshaw>
On Sun, Jan 09, 2011 at 07:21:34PM +0000, Ben Laurie wrote:
> Whilst I do not disagree with this claim, you are wrong. There are
> protocols which effectively prevent phishing - so long as password
> entry is done in an unspoofable UI.

Alright, to avoid any "violent agreement", can you point me at any
documentation you have on your proposed solution?

-- 
Zed A. Shaw
http://zedshaw.com/
Received on Sunday, 9 January 2011 20:16:54 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:51:36 GMT