Re: [websec] re-call for IETF http-auth BoF

From: Anders Rundgren <anders.rundgren@telia.com>
Date: Wed, 15 Jun 2011 17:08:06 +0200
Message-ID: <4DF8CAD6.4020308@telia.com>
To: Nico Williams <nico@cryptonector.com>
CC: Yutaka OIWA <y.oiwa@aist.go.jp>, "KIHARA, Boku" <bkihara.l@gmail.com>, public-identity@w3.org

On 2011-06-15 16:35, Nico Williams wrote:
<snip>
> I agree that a UI that cannot be imitated is a good and desirable
> thing, but as long as full-screen applications are allowed you'll need
> a secure attention sequence instead.

Another alternative is using authentication methods where you only
(optionally) use local PINs which, if snooped by an imitating UI,
don't get the attacker very far, at least not on an Internet scale.

PKI is still the champ.

--Anders
Received on Wednesday, 15 June 2011 15:08:56 GMT