[27508] in cryptography@c2.net mail archive
Re: Status of SRP
daemon@ATHENA.MIT.EDU (Ka-Ping Yee)
Wed Jun 7 19:56:36 2006
X-Original-To: cryptography@metzdowd.com
Date: Wed, 7 Jun 2006 12:49:21 -0500 (CDT)
From: Ka-Ping Yee <cryptography@zesty.ca>
To: John Brazel <john@tellurian.com.au>
Cc: cryptography@metzdowd.com
In-Reply-To: <44867707.1050704@tellurian.com.au>

On Wed, 7 Jun 2006, John Brazel wrote:
> What we really need is something similar to the built-in "remember
> my password" functionality of current web browsers: the browser keeps
> track of a login/password/certified (ie TLS certificate-backed) DNS name
> tuple...
[...]
> The downside, of course, is that:
>
> a) It wouldn't handle password changing,
> b) Some people use the same login and password *everywhere*,
> c) Once you change browsers or computers, all bets are off (because the
> new browser doesn't know anything about which passwords you use where).

If you haven't looked at this yet, i think you'll find it interesting:
http://usablesecurity.com/2006/02/08/how-to-prevent-phishing/
These design ideas are intended to address exactly the things you've
just mentioned.
-- ?!ng
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com