And one that W3C is currently working on. I am on the W3C Web Security Context call at this very minute.
________________________________ From: Eliot Lear [mailto:[EMAIL PROTECTED] Sent: Wed 12/09/2007 10:20 AM To: Eric Rescorla Cc: [email protected]; Eliot Lear Subject: Re: Symptoms vs. Causes Eric, > As I noted in my review, we already have a number of protocols which > potentially provide this functionality, including mutual authentication. > And I think looking at protocols without an understanding of how they are used and how they interact with the UI is just as wrong as attempting to fix the problem simply within the UI. You wrote that some mechanisms could be made to work. You might be right, but I'm not convinced. Someone actually has to write out how these mechanisms, such as challenge/response ARE made to work with a web browser and a transactional protocol, such that they also actually solve Eliot's Dad's probem (EDP ;-) of the user not shooting themselves in the foot by transmitting the same credential to multiple disparate relying parties (or authenticating services, if you will). That's fully in scope for this organization, btw. Or for W3C. Eliot _______________________________________________ Ietf mailing list [email protected] https://www1.ietf.org/mailman/listinfo/ietf
_______________________________________________ Ietf mailing list [email protected] https://www1.ietf.org/mailman/listinfo/ietf
