- From: Anders Rundgren <anders.rundgren@telia.com>
- Date: Wed, 15 Jun 2011 17:08:06 +0200
- To: Nico Williams <nico@cryptonector.com>
- CC: Yutaka OIWA <y.oiwa@aist.go.jp>, "KIHARA, Boku" <bkihara.l@gmail.com>, public-identity@w3.org
On 2011-06-15 16:35, Nico Williams wrote: <snip> > I agree that a UI that cannot be imitated is a good and desirable > thing, but as long as full-screen applications are allowed you'll need > a secure attention sequence instead. Another alternative is using authentication methods where you only (optionally) use local PINs which if snooped by an imitating UI doesn't get the attacker very far, at least not on an Internet scale. PKI is still the champ. --Anders
Received on Wednesday, 15 June 2011 15:08:56 UTC