Re: [websec] [kitten] [saag] HTTP authentication: the next generation from David Morris on 2011-01-06 (ietf-http-wg@w3.org from January to March 2011)

From: David Morris <dwm@xpasc.com>
Date: Thu, 6 Jan 2011 08:03:54 -0800 (PST)
cc: "apps-discuss@ietf.org" <apps-discuss@ietf.org>, websec <websec@ietf.org>, "kitten@ietf.org" <kitten@ietf.org>, "http-auth@ietf.org" <http-auth@ietf.org>, "saag@ietf.org" <saag@ietf.org>, "ietf-http-wg@w3.org Group" <ietf-http-wg@w3.org>
Message-ID: <Pine.LNX.4.64.1101060802120.6107@egate.xpasc.com>

On Thu, 6 Jan 2011, Ben Laurie wrote:

> The answer to this problem is hard, since it brings us back to taking the UI
> out of the sites hands.

Which is only helpful if you can somehow gaurantee that the user agent 
software hasn't been compromised. Not something I'd bet on...

Received on Thursday, 6 January 2011 16:05:00 UTC