- From: David Chadwick <d.w.chadwick@kent.ac.uk>
- Date: Sun, 29 Nov 2015 11:38:05 +0000
- To: public-credentials@w3.org
Hi Anders the only way I know to stop phishing, is to never have a remote web site redirect the user to go to another site (or to itself) to authenticate, since an evil web site will redirect the user to a phisher. regards David On 29/11/2015 08:02, Anders Rundgren wrote: > HI Guys, > > What is your solution for making things like the Swedish and Norwegian > Mobile BankID schemes "phishsafe"? > These schemes principally work as my QR-ID demo (although relying on > hard-coded URLs): > https://mobilepki.org/webauth/home > https://cyberphone.github.io/openkeystore/resources/docs/QR-ID-presentation.pdf > > A nice solution which in spite of using PKI is fully "phishable". > > Anders > >
Received on Sunday, 29 November 2015 11:37:48 UTC