- From: Dan Schutzer <dan.schutzer@fstc.org>
- Date: Sun, 24 Jun 2007 06:53:05 -0400
- To: "'Thomas Roessler'" <tlr@w3.org>, <public-wsc-wg@w3.org>
- Cc: <lisa@commerce.net>
FSTC will be interested in providing a comment, and would be glad to work on a group comment. What are the next steps?

Dan Schutzer
Dan.schutzer@fstc.org

-----Original Message-----
From: public-wsc-wg-request@w3.org [mailto:public-wsc-wg-request@w3.org] On Behalf Of Thomas Roessler
Sent: Saturday, June 23, 2007 9:44 AM
To: public-wsc-wg@w3.org
Cc: lisa@commerce.net
Subject: IETF seeking review: draft-hartman-webauth-phishing-03.txt

Sam Hartman's Internet Draft "Requirements for Web Authentication Resistant to Phishing" [1] is currently in IETF Last Call; Lisa Dusseault (copied here) is the sponsoring Area Director.

Abstract:

This memo proposes requirements for protocols between web identity providers and users and for requirements for protocols between identity providers and relying parties. These requirements minimize the likelihood that criminals will be able to gain the credentials necessary to impersonate a user or be able to fraudulently convince users to disclose personal information. To meet these requirements browsers must change. Websites must never receive information such as passwords that can be used to impersonate the user to third parties. Browsers should perform mutual authentication and flag situations when the target website is not authorized to accept the identity being offered as this is a strong indication of fraud.

I understand that review comments from this Working Group would be very welcome, and that such comments would be most useful if they arrived during the next two weeks.

If anybody is interested in putting together a group review, please let me know. Individual comments are fine as well.

1. http://www.ietf.org/internet-drafts/draft-hartman-webauth-phishing-03.txt

Regards,
--
Thomas Roessler, W3C <tlr@w3.org>

Received on Sunday, 24 June 2007 10:53:21 UTC