On Tue, Jan 13, 2015 at 9:30 PM, Chris Hartmann <[email protected]> wrote:
> If a phisher
> sent you an email claiming to be okta.com with a link to a fake but
> believable hostname, say otka.com (see what I did there), you happen
> to click the link and are on the verge of providing your credentials,

Yeah, that's the concern.

> When yourcompany.com formed the business relationship with
> okta.com it could perhaps share a bit of digitally signed data, say
> digitally sign the url to the login page (www.okta.com/yourcompany)
> and embed that in response.

Given that the current address bar UI already has limited utility,
it's not clear to me what making it more complicated will actually
help users.

-- 
https://annevankesteren.nl/
_______________________________________________
websec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/websec
