| |||||||||||||
|
| |||||||||||||
client-side certificateclient-side certificatePosted Feb 26, 2005 9:21 UTC (Sat) by Klavs (subscriber, #10563)In reply to: client-side certificate by giraffedata Parent article: New IDN Homograph Spoofing Response: IDN Will Not Be Disabled (MozillaZine)
>Does that mean you can't access your bank from another computer? If so, I'd >switch banks if it were I.
If you don't bring your client certificate on, say, a USB-token? This coincides with the good principal of "something you have". With all (AFAIK) banks in DK incl. Skandiabanken, you have to have something you know, and something you have. They are only lacking "something you are" ;) - much better than just something you know(ie. like a password).
>What you've described doesn't seem to solve the homograph problem, though. >The fake bank site would accept the certificate.
(Log in to post comments)
client-side certificate Posted Feb 26, 2005 18:27 UTC (Sat) by giraffedata (subscriber, #1954) [Link] Yes, I was confused. You're talking about a scheme to make the stealing of a password unproductive (because the password isn't useful by itself), rather than to prevent someone from being fooled into thinking he is talking to his bank when he is not. Improving on the security of the password is good, but for a whole bunch of other reasons, phishing itself needs to be dealt with too.
|
|
||||||||||||