- From: <sthomas2@ups.com>
- Date: Thu, 26 Apr 2007 08:19:32 -0400
- To: <public-usable-authentication@w3.org>
Dick is quite right. DNSSEC could indeed provide another tool in the toolbox to make sure that the network is doing what the user really wants. My issue, though, is elevating the DNSSEC status to a human-visible indication. The more indicators that are displayed to a user, the less likely the user is to pay attention to them. Research is already showing that users are ignoring the indications that browsers give them today. For that reason, browser designers need to be very parsimonious in displaying security indications and focus on showing information that is really important. Given the relative rarity of attacks involving improper name resolutions, a DNSSEC indication would not seem to have enough value to justify its use. Stephen -----Original Message----- From: Dick Hardt [mailto:dick@sxip.com] Sent: Thursday, 26 April 2007 8:10 AM To: Thomas Stephen (SKD8YPG) Cc: public-usable-authentication@w3.org Subject: Re: DNSSEC indicator There is unlikely to be a single silver bullet that solves *all* the issues. It is useful to know that the client really is connected to www.micros0ft.com if that is what the client wants to connect to. DNSSEC is not going to solve social phishing attacks, but it does enable other technology such as CardSpace etc. to have increased certainty on what is going on. -- Dick
Received on Thursday, 26 April 2007 12:20:11 UTC