David Morris wrote:
> Actually, a fundamental problem with the current protocol is that there
> was little attention paid to the requirements of UI design experts. The
> natural result is that application developers worked with what they had to
> produce an interface usable by their average user. Any critique of the
> protocol or new protocal in this space MUST be consider interactive
> usage AND unattended program to program authentication.
> In the end 'phishing' is about UI and not protocols.
Ietf mailing list