Re: [apps-discuss] [saag] [websec] [kitten] HTTP authentication: the next generation from Zed A. Shaw on 2011-01-09 (ietf-http-wg@w3.org from January to March 2011)

From: Zed A. Shaw <zedshaw@zedshaw.com>
Date: Sun, 9 Jan 2011 12:16:27 -0800
To: Ben Laurie <benl@google.com>
Cc: Blaine Cook <romeda@gmail.com>, Phillip Hallam-Baker <hallam@gmail.com>, "apps-discuss@ietf.org" <apps-discuss@ietf.org>, David Morris <dwm@xpasc.com>, websec <websec@ietf.org>, "kitten@ietf.org" <kitten@ietf.org>, "http-auth@ietf.org" <http-auth@ietf.org>, "saag@ietf.org" <saag@ietf.org>, "ietf-http-wg@w3.org Group" <ietf-http-wg@w3.org>
Message-ID: <20110109201627.GC12542@zedshaw>

On Sun, Jan 09, 2011 at 07:21:34PM +0000, Ben Laurie wrote:
> Whilst I do not disagree with this claim, you are wrong. There are
> protocols which effectively prevent phishing - so long as password
> entry is done in an unspoofable UI.

Alright, to avoid any "violent agreement", can you point me at any
documentation you have on your proposed solution?

-- 
Zed A. Shaw
http://zedshaw.com/

Received on Sunday, 9 January 2011 20:16:54 UTC