- From: Dan Schutzer <dan.schutzer@fstc.org>
- Date: Thu, 26 Apr 2007 08:17:50 -0400
- To: "'Dick Hardt'" <dick@sxip.com>, <sthomas2@ups.com>
- Cc: <public-usable-authentication@w3.org>
That is why you need a safe mode where you can select from a list of certified sites - then you would never select www.microsOft.com instead of www.microsoft.com, because www.microsOft.com wouldn't make the list. -----Original Message----- From: public-usable-authentication-request@w3.org [mailto:public-usable-authentication-request@w3.org] On Behalf Of Dick Hardt Sent: Thursday, April 26, 2007 8:10 AM To: sthomas2@ups.com Cc: public-usable-authentication@w3.org Subject: Re: DNSSEC indicator There is unlikely to be a single silver bullet that solves *all* the issues. It is useful to know that the client really is connected to www.micros0ft.com if that is what the client wants to connect to. DNSSEC is not going to solve social phishing attacks, but it does enable other technology such as CardSpace etc. to have increased certainty on what is going on. -- Dick On 26-Apr-07, at 1:37 PM, <sthomas2@ups.com> wrote: > > > Who "types in" URLs anymore? (The answers of security professionals, > such as those folks on this list, don't count.) > > If DNSSEC indicates that the client has correctly resolved the domain > name of, say, > www.microsOft.com, so what? > > -----Original Message----- > From: public-usable-authentication-request@w3.org > [mailto:public-usable-authentication-request@w3.org] On Behalf Of Dan > Schutzer > Sent: Thursday, 26 April 2007 6:04 AM > To: 'Thomas Roessler'; michael.mccormick@wellsfargo.com > Cc: ses@ll.mit.edu; public-wsc-wg@w3.org; kjell.rydjer@swedbank.se; > steve@shinkuro.com; public-usable-authentication@w3.org; 'Dan > Schutzer' > Subject: RE: DNSSEC indicator > > [...] it > indicates that they are at the correct web site (the site belonging to > the > url they typed in) > [...] > >
Received on Thursday, 26 April 2007 12:18:10 UTC