Inclusiveness and tolerance are key factors for the success of a global solution

106 Hints Toward a Solution

We have seen how the certificates, although perfectly sound from the purely cryptographic standpoint, are not really helping the user to deal with the server authentication problem.

We have also seen how the wide gamut of different user experiences, despite the fact that in the vast majority of cases they all account for the task of entering username and password, confuses the user to the point of making him vulnerable to the simplest phishing attacks.
If we analyze from the pure engineering standpoint the communication sequence when authenticating to a website, we discover an almost universal pattern. As long as the communication happens between machines or software entities, the protocols are predetermined and rigidly followed. Every phase mandates message formats and sequences, and the semantics of every step are unambiguously determined. A good example of this point is given in Chapter 1, in the section "SSL Client Authentication." As soon as human intervention is required, however, things change. Even if the task is almost invariably to enter password credentials, every website will implement the functionality in different ways.