On Fri, Feb 01, 2008 at 07:58:16PM +0000, Steven M. Bellovin wrote:
> On Fri, 01 Feb 2008 13:29:52 +1300
> [EMAIL PROTECTED] (Peter Gutmann) wrote:
> > (Anyone have any clout with Firefox or MS?  Without significant
> > browser support it's hard to get any traction, but the browser
> > vendors are too busy chasing phantoms like EV certs).
> > 
> The big issue is prompting the user for a password in a way that no one
> will confuse with a web site doing so.  Given all the effort that's
> been put into making Javascript more and more powerful, and given
> things like picture-in-picture attacks, I'm not optimistic.   It might
> have been the right thing, once upon a time, but the horse may be too
> far out of the barn by now to make it worthwhile closing the barn door.

And on top of that web site designers don't want browser dialogs for
HTTP/TLS authentication.

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to