- From: George Staikos <staikos@kde.org>
- Date: Fri, 21 Apr 2006 02:21:22 -0400
- To: Undisclosed.Recipients: ;
- Cc: public-usable-authentication@w3.org
On Tuesday 18 April 2006 00:09, Mike Beltzner wrote: > > Do you think any website developers will ever accept such a > > thing? :-) I > > think not... > > At the conference we briefly discussed the potential for websites to > prompt browsers to enter a secure mode for a given page (using some > sort of meta tag, maybe?). The idea being that secure mode would only > needed at the point of web authentication or login, after which point > the app should be free to take advantage of all sorts of bells and > whistles. I think this only works if users are trained to only enter sensitive information in a page that has entered secure mode. Today in Porto Alegre I was trying to get onto the wifi network and I found the following: - one provider was using a certificate that I had no root for in Firefox or Konqueror - one provider was embedding an https frame in an http page - one provider was not using any https - at least one provider wrote "your data is secure" in the page I am very skeptical that we will see these sites implement secure-mode, and I'm also very skeptical that users won't continue to enter their information in a phishing site that does one of the techniques above. This makes me wonder how effective the solution will be in the short term. -- George Staikos KDE Developer http://www.kde.org/ Staikos Computing Services Inc. http://www.staikos.net/
Received on Friday, 21 April 2006 13:25:58 UTC