by nickik
3437 days ago
It's a real problem; the new anti-phishing protocols (U2F/UAF) have some ideas. The Web Origin Concept - https://tools.ietf.org/html/rfc6454 They also require the server to provide a list of Origins that are valid for the protocol; if the domain you're logging into is not in the list, the challenge of the server will not be signed. It's called AppID in the protocol. See: https://fidoalliance.org/download/
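The origin check described in the comment above, sketched as an added example that is not part of the original comment and not code from the FIDO specifications. It is a simplified model: the function names and the sample origin list are assumptions, and the result only reports whether the client would go on to sign the challenge.

```javascript
// Added illustration; names below are hypothetical, not taken from the FIDO specs.

// RFC 6454 origin = (scheme, host, port). URL.origin lowercases the host and
// drops the default port, so "https://Example.com:443/x" -> "https://example.com".
function webOrigin(url) {
  let parsed;
  try {
    parsed = new URL(url);
  } catch {
    return null; // not a parseable absolute URL
  }
  if (parsed.protocol !== "https:") return null; // this sketch accepts HTTPS origins only
  return parsed.origin;
}

// Decide whether the client may sign the server's challenge for the page
// that requested it. trustedOrigins is the list the server publishes.
function checkCaller(pageUrl, trustedOrigins) {
  const caller = webOrigin(pageUrl);
  if (caller === null) {
    return { sign: false, reason: "caller is not an HTTPS origin" };
  }
  // Normalize the published entries the same way before comparing.
  const allowed = new Set(trustedOrigins.map(webOrigin).filter((o) => o !== null));
  if (!allowed.has(caller)) {
    return { sign: false, reason: `${caller} is not in the published list` };
  }
  return { sign: true, reason: `${caller} is listed` };
}

// Constructed sample list, standing in for what a server publishes for its AppID.
const SAMPLE_TRUSTED = ["https://login.example.com", "https://www.example.com:443/"];

// Constructed page URLs: the real login page, a lookalike host, and a
// different port on the real host (a different origin under RFC 6454).
function demo() {
  const pages = [
    "https://login.example.com/signin?next=/",
    "https://login.example.com.attacker.test/signin",
    "https://login.example.com:8443/signin",
  ];
  return pages.map((page) => ({ page, ...checkCaller(page, SAMPLE_TRUSTED) }));
}

console.log(demo());
```

The comparison is on the whole origin tuple, so a lookalike host that merely starts with the real name, a plain-HTTP page, or another port on the same host all fail the check.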