RE: IETF seeking review: draft-hartman-webauth-phishing-03.txt

FSTC will be interested in providing a comment, and would be glad to work on
a group comment. What are the next steps?

Dan Schutzer
Dan.schutzer@fstc.org

-----Original Message-----
From: public-wsc-wg-request@w3.org [mailto:public-wsc-wg-request@w3.org] On
Behalf Of Thomas Roessler
Sent: Saturday, June 23, 2007 9:44 AM
To: public-wsc-wg@w3.org
Cc: lisa@commerce.net
Subject: IETF seeking review: draft-hartman-webauth-phishing-03.txt


Sam Hartman's Internet Draft "Requirements for Web Authentication
Resistant to Phishing" [1] is currently in IETF Last Call; Lisa
Dusseault (copied here) is the sponsoring Area Director.

Abstract:

  This memo proposes requirements for protocols between web identity
  providers and users and for requirements for protocols between
  identity providers and relying parties.  These requirements
  minimize the likelihood that criminals will be able to gain the
  credentials necessary to impersonate a user or be able to
  fraudulently convince users to disclose personal information.  To
  meet these requirements browsers must change.  Websites must never
  receive information such as passwords that can be used to
  impersonate the user to third parties.  Browsers should perform
  mutual authentication and flag situations when the target website
  is not authorized to accept the identity being offered as this is
  a strong indication of fraud.

I understand that review comments from this Working Group would be
very welcome, and that such comments would be most useful if they
arrived during the next two weeks.

If anybody is interested in putting together a group review, please
let me know.  Individual comments are fine as well.

[1] http://www.ietf.org/internet-drafts/draft-hartman-webauth-phishing-03.txt

Regards,
-- 
Thomas Roessler, W3C  <tlr@w3.org>

Received on Sunday, 24 June 2007 10:53:21 UTC