On Tue, Mar 12, 2013 at 06:31:56PM -0500, Kyle Maxwell wrote:
A. This doesn't eliminate phishing because users will still enter
their credentials at a site that doesn't actually match the one where
the cert was previously signed. Otherwise, existing HTTPS controls
would already protect them.
On 03/21/2013 09:02 PM, Rich Kulawiec wrote:
True, but phishing is not currently a solvable problem anyway; it falls
into a class of problems that can't be solved no matter how much clever
technology is developed because all of that technology presumes that
end user systems are secure...and
Well, given that the protocol uses essentially no new tech (apart from the
message bit, which to me looks a bit superfluous), it should require
relatively little time to implement properly.
Furthermore, there are various parts of the protocol that are Good
Ideas, independently of the other parts -
Thank you for your concerns,
I think I have the issues you mention covered in the 'protocol'
On 03/13/2013 12:31 AM, Kyle Maxwell wrote:
I appreciate the intention, but I see a lot of problems here. Without
doing an exhaustive analysis:
A. This doesn't eliminate phishing because users will
On 03/13/2013 08:33 AM, Petter Ericson wrote:
Kyle:
A. This doesn't eliminate phishing because users will still enter
their credentials at a site that doesn't actually match the one where
the cert was previously signed. Otherwise, existing HTTPS controls
would already protect them.
Not