On Mon, Sep 19, 2011 at 6:42 PM, James A. Donald <[email protected]> wrote:
> The user expects a login screen. Login screens are *not* traditionally full
> screen, even on cell phones. Therefore, if we take login out of the web
> page, if the user ceases to expect or perceive login as happening out there
> on the web, but instead perceives it as happening locally, the user will not
> expect a full screen login page.
>
> That is how gamer apps usually do it.
>
> If the login page has a distinctive look, not easily faked (non rectangular,
> overlapping the background, customized to user), it will be a trustworthy UI
> path.
>
This works for local apps, and it works for remote apps when the attacker can't MITM. The login screen (and possibly the transition to it) should be defined by the user. The user still needs to be able to tell whether some web page is "trusted" or not (meaning the mutual authentication was done). This should be accessible via SAS at least.

_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography
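The reply above suggests exposing the outcome of mutual authentication to the user through a Short Authentication String (SAS). The following is an added illustration of that idea, not code from this thread or from any project it mentions: a SAS derived from the session key and the handshake transcript, so that a relay sitting between client and server (each leg then ending up with its own key) produces a string on the user's screen that does not match the one the genuine server displays. The HMAC-SHA256 construction, the constructed 32-word list, and the nonce-based transcript are all assumptions chosen for the example.

```python
import hashlib
import hmac

# Constructed 32-word list (5 bits of SAS entropy per word). A real deployment
# would use a curated list chosen for distinct sounds and spellings.
WORDLIST = [
    "apple", "brick", "cloud", "delta", "eagle", "flame", "grape", "honey",
    "igloo", "jelly", "kayak", "lemon", "mango", "noble", "ocean", "piano",
    "quilt", "river", "sugar", "tiger", "umbra", "vivid", "whale", "xenon",
    "yacht", "zebra", "amber", "basil", "cedar", "daisy", "ember", "frost",
]


def derive_sas(session_key: bytes, transcript: bytes, n_words: int = 4) -> str:
    """Short Authentication String bound to both the session key and the
    handshake transcript (assumption: HMAC-SHA256 keyed by the session key,
    one wordlist index per leading MAC byte)."""
    mac = hmac.new(session_key, b"SAS-v1|" + transcript, hashlib.sha256).digest()
    return " ".join(WORDLIST[b % len(WORDLIST)] for b in mac[:n_words])


def handshake_transcript(client_nonce: bytes, server_nonce: bytes) -> bytes:
    """Hypothetical transcript: the two nonces exchanged during the handshake."""
    return b"client:" + client_nonce + b"|server:" + server_nonce


def honest_session(session_key: bytes, client_nonce: bytes, server_nonce: bytes):
    """Both endpoints ended mutual authentication with the same key, so the
    SAS shown to the user and the SAS the server displays are identical."""
    t = handshake_transcript(client_nonce, server_nonce)
    return derive_sas(session_key, t), derive_sas(session_key, t)


def relayed_session(key_client_leg: bytes, key_server_leg: bytes,
                    client_nonce: bytes, server_nonce: bytes):
    """The MITM case from the thread: something in the middle terminated both
    legs, so the client and the real server hold different keys and therefore
    derive different strings even over the same visible transcript."""
    t = handshake_transcript(client_nonce, server_nonce)
    return derive_sas(key_client_leg, t), derive_sas(key_server_leg, t)


def sas_matches(shown_to_user: str, shown_by_server: str) -> bool:
    """Constant-time comparison of the two strings the user is asked to compare."""
    return hmac.compare_digest(shown_to_user.encode(), shown_by_server.encode())


if __name__ == "__main__":
    key = b"\x11" * 32                       # constructed session key
    print("honest :", honest_session(key, b"cn1", b"sn1"))
    print("relayed:", relayed_session(b"\x01" * 32, b"\x02" * 32, b"cn1", b"sn1"))
```

With four words from a 32-word list the SAS carries 20 bits, so an interposed party gets about one chance in a million of a matching string per session; the comparison only helps if the server's copy reaches the user over a channel the relay cannot rewrite, which is exactly the trusted UI path the thread is discussing.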
