Unforgeable dialog.

[Peter Gutmann]

"James A. Donald" <jamesd at echeque.com> writes:
>2. Html encourages legitimate businesses to use complicated and obfuscated
>actual targets for their urls, indistinguishable from those used by phishers.

I think a more general extension of this is "HTML allows the use of
arbitrarily sophisticated presentation attacks".  This definitely isn't a
capability you want to give to a malicious party, although it's way too late
to shut the barn door any more.

Peter.


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com