[osis-general] OSIS PAPE call results
Chris Drake
christopher at pobox.com
Thu Nov 8 17:46:18 UTC 2007
Hi,
A quick comment:
"... End User does not provide shared secrets to a party potentially
under the control of the Relying Party ... "
So if the secret gets provided to any third party - so long as it's
not a party under control of the RP - it's *not* phishing ?
I think what everyone's trying to say is that "Phishing-Resistant"
means "End Users can't be tricked into giving things to the wrong
place"... is all the jargon/terminology/verbosity really necessary in
the definition?
Kind Regards,
Chris Drake
More information about the specs
mailing list