[dix] Re: [Ietf-http-auth] New draft on anti-phishing requirements

[Sam Hartman]

>>>>> "Eric" == Eric Rescorla <ekr at networkresonance.com> writes:

    Eric> This is all pretty much laid out in the PwdHash and Felten
    Eric> papers.

Sure.  My goal here is to describe a series of reasonably obvious
requirements so that we can evaluate solutions because we'e seen some
solutions like the ones you cite that meet a large number of these
conditions and we've seen other solutions that do not.

I find specific requirements useful in such situations.