how can you verify that the site you get is not a fake?

[bruce]

matt...

you're close... the complete solution has to encompass a number of different
elements.

the original goal was to try to get rid of passwords, and allow the user to
'know' that the site that they're heading to/using is the site they actually
want to be on.

i'm pretty satisfied with the approach that i'm looking at right now...

over time, it solves the issue of 'being on the right site', it solves the
issue of having to handle different passwords.. it gets rid of traditional
passwords.. it can  be used for basic age verification, it also can be used
to match a transaction with a given machine via hash/fingerprinting of the
user machine...

it deals with lost user/key information...

dayum, i'm tired...

thanks
-bruce


-----Original Message-----
From: fedora-list-bounces at redhat.com
[mailto:fedora-list-bounces at redhat.com]On Behalf Of Matthew Miller
Sent: Monday, June 06, 2005 9:55 AM
To: For users of Fedora Core releases
Subject: Re: how can you verify that the site you get is not a fake?


On Mon, Jun 06, 2005 at 05:15:25PM +0100, Andy Green wrote:
> Here's an idea... you expect the site to challenge YOU for your password
> before giving you access, right?  Well keep that, but register a second
> password with the site when you join it, and the site has to show it to
> you over https before you will believe it is the site that you
> originally joined ;-)

or maybe an image you upload.

--
Matthew Miller           mattdm at mattdm.org        <http://www.mattdm.org/>
Boston University Linux      ------>                <http://linux.bu.edu/>
Current office temperature: 80 degrees Fahrenheit.

--
fedora-list mailing list
fedora-list at redhat.com
To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list