Thanks Mike, I've added a section on password managers, see: http://www.w3.org/2006/WSC/drafts/note/Overview.html#password-manager Any rewording suggestions are welcome. I'm not so sure what to say about the phishing filters. I know of several arguments that these filters are in fact worse than nothing. The recent Stanford user study provides some relevant results. http://www.usablesecurity.org/papers/jackson.pdf I think the jury's still out on whether or not the recent anti-phishing filters in browsers are good or not. History suggests that blacklisting is often not a viable security technique. Tyler > -----Original Message----- > From: Mike Beltzner [mailto:beltzner@mozilla.com] > Sent: Monday, February 12, 2007 9:48 PM > To: Close, Tyler J. > Cc: public-wsc-wg@w3.org > Subject: Re: Merits of the status quo > > On 12-Feb-07, at 9:38 PM, Close, Tyler J. wrote: > > > At the f2f, there was some discussion of the need for a section > > discussing the merits of the status quo. I've put in a > start on such a > > section at: > > > > http://www.w3.org/2006/WSC/drafts/note/Overview.html#merits > > > > I am soliciting additional entries for this section. > > Dunno if you want to include something about recently added > anti- phishing filters (IE7, Firefox 2, Opera 9, Safari 2) or > the existence of password managers which help users and also > promote a subtle signal of security (ie: only letting you get > your saved password for sites you've been to before). Both > are "better than nothing" > approaches, so I don't know if they qualify as "merits" :) > > cheers, > mike > >Received on Tuesday, 13 February 2007 20:23:55 GMT
This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 5 February 2008 03:52:45 GMT