Server-to-server channel (now: Kerberos, Phishing)
Vinay Gupta
hexayurt at gmail.com
Thu Apr 5 11:04:19 UTC 2007
One further thought on Kerberos: as far as I know, Kerberos is a
minimal implementation - nothing simpler than this actually works in
the real world, and the Kerberos operating environment is a bit
simpler than what is being discussed in some instances here, in terms
of managing the language of what access permissions are being granted
by this sign-on event.
One thing I'd like to suggest we examine is personal customization as
a way to prevent Phishing. For example, say that my OpenID service
provider serves pages to me over HTTPS, and furthermore allows me to
upload my own color preference and background images.
Now, nobody who isn't logged in as me can see my image and colors, so
if somebody tries to mount Man In The Middle, they can't get access
to my images etc. and the page will look all wrong. Sounds dumb but
it might actually work pretty well in practice...
But the key is that those images have to be private, so that the foe
can't spider the page and show you a copy.
Vinay
--
Vinay Gupta - Designer, Hexayurt Project - an excellent public domain
refugee shelter system
Gizmo Project VOIP: 775-743-1851 (usually works!) Cell: Iceland (+354) 869-4605
http://howtolivewiki.com/hexayurt - old
http://appropedia.org/Hexayurt_Project - new
Skype/Gizmo/Gtalk: hexayurt
I have a proof which unfortunately this signature is too short
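The scheme sketched in the post above, written out as an added example (not code from the original message or from any OpenID provider): a provider stores each user's colours and background image and returns them only to requests carrying that user's valid session cookie. Everything else on the same URL, including a request with a forged or logged-out session id, gets a generic page or a 401, so an anonymous spider cannot copy the personalisation. The usernames, paths, cookie name and image bytes are constructed for illustration.

```python
"""Per-user login-page theme served only to an authenticated session.

Added example, not from the original post. Models an OpenID provider
that lets a user upload a colour scheme and a background image and
returns them only when the request carries that user's session cookie.
User names, paths, cookie name and image bytes are constructed here.
"""
import secrets
from dataclasses import dataclass, field
from typing import Dict, Optional

SESSION_COOKIE = "oid_session"  # assumed cookie name

# Constructed sample data: one user with an uploaded theme.
USER_THEMES = {
    "vinay": {
        "bg_color": "#0b3d91",
        "fg_color": "#ffffff",
        "image": b"\x89PNG\r\n\x1a\n<constructed stand-in for the real photo>",
    },
}

# session id -> user. Ids are random and never derived from the user name,
# so knowing the user is not enough to fetch their theme.
SESSIONS: Dict[str, str] = {}

# Keep browsers and proxies from retaining a copy of personalised output.
PRIVATE_HEADERS = {"Cache-Control": "private, no-store", "Vary": "Cookie"}


@dataclass
class Request:
    path: str
    cookies: Dict[str, str] = field(default_factory=dict)


@dataclass
class Response:
    status: int
    body: bytes
    headers: Dict[str, str] = field(default_factory=dict)


def login(username: str) -> str:
    """Issue a fresh 256-bit session id (password check omitted here)."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = username
    return sid


def logout(sid: str) -> None:
    """Invalidate a session; later requests with this id are anonymous."""
    SESSIONS.pop(sid, None)


def current_user(req: Request) -> Optional[str]:
    """Return the user bound to the request's session cookie, or None."""
    sid = req.cookies.get(SESSION_COOKIE)
    return SESSIONS.get(sid) if sid else None


def render_login_page(user: Optional[str]) -> Response:
    """Generic page for anonymous callers, personalised page for a session."""
    if user is None or user not in USER_THEMES:
        html = "<body style='background:#ffffff;color:#000000'>Sign in</body>"
        return Response(200, html.encode(), {"Content-Type": "text/html"})
    t = USER_THEMES[user]
    html = (f"<body style='background:{t['bg_color']} url(/theme/background);"
            f"color:{t['fg_color']}'>Confirm sign-in for {user}</body>")
    return Response(200, html.encode(),
                    {"Content-Type": "text/html", **PRIVATE_HEADERS})


def serve(req: Request) -> Response:
    """Dispatch one request. Authorisation comes from the session, not the URL."""
    user = current_user(req)
    if req.path == "/login":
        return render_login_page(user)
    if req.path == "/theme/background":
        if user is None:
            # Anonymous, forged or stale session: the image is never sent,
            # so a spider without the cookie cannot copy it.
            return Response(401, b"", {"Cache-Control": "no-store"})
        return Response(200, USER_THEMES[user]["image"],
                        {"Content-Type": "image/png", **PRIVATE_HEADERS})
    return Response(404, b"not found")


if __name__ == "__main__":
    sid = login("vinay")
    print(serve(Request("/theme/background")).status)                    # anonymous
    print(serve(Request("/theme/background", {SESSION_COOKIE: sid})).status)
    logout(sid)
    print(serve(Request("/theme/background", {SESSION_COOKIE: sid})).status)
```

The point the code makes concrete is that the image URL itself carries no authority: the same path answers 401 to anyone without the user's cookie, including after logout, and the `Cache-Control: private, no-store` header stops an intermediary from holding a copy that could be replayed. What the example does not do is authenticate the user in the first place; `login()` stands in for whatever password or OpenID flow the provider already runs, and the theme is exactly as private as that session cookie.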