- From: Dick Hardt <dick@sxip.com>
- Date: Thu, 26 Apr 2007 14:10:20 +0200
- To: <sthomas2@ups.com>
- Cc: <public-usable-authentication@w3.org>
There is unlikely to be a single silver bullet that solves *all* the issues. It is useful to know that the client really is connected to www.micros0ft.com if that is what the client wants to connect to. DNSSEC is not going to solve social phishing attacks, but it does enable other technology such as CardSpace etc. to have increased certainty on what is going on. -- Dick On 26-Apr-07, at 1:37 PM, <sthomas2@ups.com> wrote: > > > Who "types in" URLs anymore? (The answers of security professionals, > such as those folks on this list, don't count.) > > If DNSSEC indicates that the client has correctly resolved the domain > name of, say, > www.microsOft.com, so what? > > -----Original Message----- > From: public-usable-authentication-request@w3.org > [mailto:public-usable-authentication-request@w3.org] On Behalf Of Dan > Schutzer > Sent: Thursday, 26 April 2007 6:04 AM > To: 'Thomas Roessler'; michael.mccormick@wellsfargo.com > Cc: ses@ll.mit.edu; public-wsc-wg@w3.org; kjell.rydjer@swedbank.se; > steve@shinkuro.com; public-usable-authentication@w3.org; 'Dan > Schutzer' > Subject: RE: DNSSEC indicator > > [...] it > indicates that they are at the correct web site (the site belonging to > the > url they typed in) > [...] > >
Received on Thursday, 26 April 2007 12:10:48 UTC