[27113] in cryptography@c2.net mail archive
Re: Status of SRP
daemon@ATHENA.MIT.EDU (Ka-Ping Yee)
Fri Jun 2 20:43:25 2006
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
Date: Thu, 1 Jun 2006 14:34:01 -0500 (CDT)
From: Ka-Ping Yee <cryptography@zesty.ca>
To: Florian Weimer <fw@deneb.enyo.de>
Cc: "James A. Donald" <jamesd@echeque.com>, cryptography@metzdowd.com
In-Reply-To: <87d5dt49wq.fsf@mid.deneb.enyo.de>
On Thu, 1 Jun 2006, Florian Weimer wrote:
> > That is an all purpose argument that is deployed
> > selectively against some measures and not others.
>
> If you've deployed two-factor authentication (like German banks did in
> the late 80s/early 90s), the relevant attacks do involve compromised
> customer PCs. 8-( Just because you can't solve it with your technology
> doesn't mean you can pretend the attacks don't happen.
You're both right. The problem is that we are talking about
solutions but haven't yet agreed on a threat model to discuss.
-- ?!ng
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
