| ...This is the trusted-path problem. Some examples of proposed
| solutions to trusted-path are:
|
| - Dim the entire screen.
| - Use special window borders.
| - Use flashing window borders.
| - Use specially shaped windows.
| - Attach a warning label to all untrusted
On Thu, 1 Jun 2006, James A. Donald wrote:
Florian Weimer wrote:
There is no way to force an end user to enter a
password only over SRP.
Phishing relies on the login page looking familiar. If
SRP is in the browser chrome, and looks strikingly
different from any web page, the login page